Hi Everyone this is my first post . Hoping I will learn a lot of things here .
I have created a sample
Java based web application . My application runs on
Tomcat .Also my application has only
JSP files .In the application I have a login page.If login is successful the user will be redirected to another page .However the problem is if I enter the link to the jsp file directly in the browser it opens up . This should not be the case :-( . I have read several posts on putting all the JSP files under the WEB-INF directory , however this leads to another problem . In my application I have links to other JSP files using <a href> , When I click on the link it says Page not found error because of placing them in the WEB-INF folder . So basically I would like to get help on is . How to restrict access to the JSP files if a user has not gone through the login page. When the user enters the link to a JSP file directly he should not be able to see the page if he has not logged in .