Hi Hugh,
One option is to use a welcome-file such as index.jsp in the same
directory as the login page. This will be displayed instead of the
directory listing. You can control which filenames are considered
welcome-files via <welcome-file-list> in web.xml.
Another option is to simply not expose the URL of the real login
page, and to provide the URL to the restricted home page instead.
You can further enforce this by putting the login page under WEB-INF,
e.g. /WEB-INF/jsp/login.jsp, although this will only work using SSL
(without SSL, the browser is redirected to the login page, which is
inaccessible).
Hope this helps,
Joe
On 21/03/2008, at 11:31 PM, HAcland wrote:
>
> Dear all,
>
> After setting up form based login I have noticed that if a user goes
> directly to the login page URL (ie. without first attempting to
> access a
> restricted page) then after loging in he is then presented with the
> file/directory list produced by glassfish.
>
> Only when the user first tries to access a restricted page, is then
> redirected to the login screen, does it then forward him to the
> requested
> restricted page.
>
> How can I overcome this so that if the user does go direct to the
> login page
> he is then sent onwards to a "welcome to the restricted area" page?
>
> Many thanks
> Hugh
> --
> View this message in context: http://www.nabble.com/Form-based-
> login-anomalty-tp16197823p16197823.html
> Sent from the java.net - glassfish users mailing list archive at
> Nabble.com.