glassfish_at_javadesktop.org wrote:
> I believe this article addresses our issue:
> http://blogs.sun.com/bobby/entry/simplified_security_role_mapping
I'm glad that helps, but it may be a little specialized, or not give you
the whole picture. If you want users to be able to go to some URLs and
not others, then protecting them with <security-constraint> is one way
to go. This page of the tutorial gives a more full example than my
little one in the blog:
http://java.sun.com/javaee/5/docs/tutorial/doc/Security-Intro6.html
Of course, a simple hack to not let users see the files in a directory
is to put an index.html/jsp page there. Not foolproof though.
Cheers,
Bobby