I'm fairly new to the java/jsp world. For authentication on
jsp pages I understand I should use some kind of
servlet to check if a user has access to a specific page, right?
A user gets presented with a login screen, they enter their usr/pwd, and click the login button. The login form action should go to a authentication servlet to validate/login the user and assign which pages they have access to view, right?
I've been sending the form action to another JSP page to validate the user and then do a check at the top of each JSP to see if they have access to that specific page. I've been told this isn't the proper way to do authentication.
If I did use a servlet for authentication how would I prevent the user from directly accessing a jsp page that they don't have access to? Do I need some specific code at the top of each JSP to prevent this?
Thanks,
Dave