I've been part of a Java Lab that my company has started. We run Apache,Tomcat, and MySQL as well as the IBM WebSphere and DB2 products on another machine. We've written an application for our sales folks to use and we have built in security into this app. What we want to do is limit access to certain pages. Our first solution works fine: Check the users role from the servlet, based on that role, dynamically build the HTML that will only show them what they need to see. However, it does NOT stop them from first logging in then direclty going to the URL via the address bar. Therefore we've placed the following code at the top of all of our JSP's that need this security.
Now, that code works on all pages except one. The only difference is the amount of data we are querying. On the page that isn't working correctly, we get the failure page but it only appears after some the the HTML code is actually read and displayed. Meaning our output will show actual HTML Tags, (i.e. ...style="font-size: 10pt"> and it also interprets four buttons that we have on that page. The problem only appears in Jakarta Tomcat, not in the IBM WebSphere tools... Any ideas... (phew!)
Ryan Headley<br /><a href="http://www.sudovi.com" target="_blank" rel="nofollow">http://www.sudovi.com</a>