| Author |
Tomcat admin pages
|
Nicholas Turner
Ranch Hand
Joined: May 24, 2003
Posts: 119
|
|
I have a few jsp pages for admin duties on my web site I created.
Is there a proper way to successfully separate them. I already have a secured area for customers so how would I have an additional login area for an administrator?
thanks,
Nick
|
 |
Mike Curwen
Ranch Hand
Joined: Feb 20, 2001
Posts: 3695
|
|
|
If you're using container managed security features, then you'd simply make all you admin pages accesible through a certain URL pattern (like /admin/*) and then place security on that pattern.
|
|
Nicholas Turner
Ranch Hand
Joined: May 24, 2003
Posts: 119
|
|
|
uhhh, how would i know if i'm using container managed features?
|
|
Mike Curwen
Ranch Hand
Joined: Feb 20, 2001
Posts: 3695
|
|
I already have a secured area for customers
How are you securing it? Are you using 'programmatic' security, meaning... you've coded a login page and you check a username/password submission against a database, place a logged in user into the session, and on every page that is 'secure', you check for that user first?
-or-
Did you use Tomcat's built-in security features?
Either way... just continue to use either of those methods.
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html
|
|
Nicholas Turner
Ranch Hand
Joined: May 24, 2003
Posts: 119
|
|
well i use tomcats builtin security methods for the customer secure area.
but I want 2 secure areas, one for customers and one for the admin.
|
|
Mike Curwen
Ranch Hand
Joined: Feb 20, 2001
Posts: 3695
|
|
|
well, you can have both through the built-in. I'm not sure what the question is, if you're already using the built-in security features. Just use them again, for the other set of pages.
|
|
 |
|
|
subject: Tomcat admin pages
|
|
|
0
