Form authentication on the website

This is how our Tomcat web server works. We use JSP for web pages.

  • /webserverpath/main (all public pages and login page)
  • /webserverpath/secure1 (personal pages)
  • /webserverpath/secure2 (personal pages)
  • /webserverpath/secure3 (private pages)

I recently found that authentication is very minimal. For example, after a user logs in, they can bookmark any personal page, close the browser, open the browser and go to the bookmark, and never be asked to log in again (which turned out to be bad since we recently started disconnecting users). All this was before I arrived. I am wondering what I can do to add the correct security. Should I have all folders under one main folder (e.g. /webserverpath/main/secure1, etc.) or should I just leave it alone?

Let me add that I am new to whole-site authentication with multiple websites in different folders like this, and to JSP itself.

+1




1 answer


You can start here: Declarative Security for Web Applications with Servlets and JSPs
Generally, you probably want session-based authentication that takes people out of private parts of the site if they are not authenticated.



+2

