web.xml for form based authentication

Hi,

I have implemented form based authentication.

however, i got a problem with specifing the URL-pattern.

my directory structure is as follows:

-java
|--com
|---tool
|----portal
|----resc
-webresources

in the java/com/tool/portal "folder" i have my java classes of my servlets
in the webresources "folder" i have my css, images and .jsp files.

now i would like to "secure" the portal folder and the webresources folder.
however, my login.jsp which is used for the user-login and the css-file are also located in the webresources folder.

how would i specify this in the web.xml?

p.s: the directory structure is given like that and i have to use it as it is.

thanks in advance

[ November 25, 2008: Message edited by: Viv Singh ]

[ November 25, 2008: Message edited by: Viv Singh ]
[ November 25, 2008: Message edited by: Viv Singh ]

Since this a generic web application question and not specific to JBoss, i will move this to our Servlets forum where you will be some good advice.

Always keep login page under unprotected as that will be going to your gateway for protected resources.

how would i do this best?

at the moment in my webresources directory i have all the .jsp files, a WEB-INF folder and a images folder.

should i e.g. create an "portal" folder in the webresources folder and put all jsp files apart from the login.jsp and secure that "portal" folder?
[ November 25, 2008: Message edited by: Viv Singh ]

Hi Viv,

As you are aware all the resources under WEB-INF is restricted and protected to direct access. As suggested above, you can use a default page like index.jsp or index.html in unprotected mode and use jsp:redirect to route to the protected resource.

thanks, problem is solved. [ November 25, 2008: Message edited by: Viv Singh ]

thanks,

problem is solved.
[ November 25, 2008: Message edited by: Viv Singh ]