Ohh..I meant any session attribute that is only set on the login page, and so , if found in session, means that this user is already validated. I will probably use a session attribute with name 'validated' and value Boolean.TRUE
Hi, I would suggest using the Security features which Servlet Specs provides you. You can use <login-config> element to configure a FORM based authentication with login.jsp as the login form. You can secure the resources which you want user to access only in logged-in state using <security-constraint> element in web-app. Please have a look at Servlet specs or any good tutorial on the web about this. regards, Amit
Joined: Nov 03, 2007
that would be a good idea if i can integrate to a database, however, from what i've seen from the servlet specs is that users are to be defined in the web.xml file.
Originally posted by Ali Khalfan: can someone help me out here.
I don't want to use anything proprietary here like tomcat or ibm or JBOSS. Is there anyway I can use it just with servlets for example
A database isn't proprietary. Whenever a user logs in, you go to the database to validate their username/password combination. If it is correct, you set a boolean attribute in the session (the validated attribute mentioned above.)