I want to authenticate a user, when a jsp is included. I got
<Realm className="org.apache.catalina.realm.MemoryRealm" />
in my server.xml and
<role rolename="testuser" />
<user name="test" password="test" roles="testuser" />
in the tomcat-user.xml
Now my problem with the include: I want that the login form pops up, wenn the jsp /modules/administration/admininstation.jsp is included by
<jsp:include page="modules/administration/administration.jsp" flush="true"/>
Is there a way to do this? I couldn´t find a url-pattern that matches. Or does tomcat not recognize the include as an request? errrrr I don´t understand that!
Thanks!
Authentication happens at the start of every request. jsp:include
does a server side include (= there isn't any new request from the browser to the Tomcat), so there is not a second authentication before the jsp:include
. If the client has access to the original page she will see the included jsp too.
You may should send a redirect to the browser (hint) and you may also need to set properly the security-constraint
and the login-config
tags in the web.xml
.