Hi Theodor
> thanks for the link. Does that mean I have to check for every page whether
> the current user is authenticated and redirect to the login page if it's not
> the case?
No :) It happens in your session. You just need to assign role-based access to your system.
So users with role admin can browse /admin/
But users with role normal_users cannot browse /admin/
Or users with role admin can only call abcObject.getCurrentUsers(); with getCurrentUsers() as an annotation @RolesAllowed("admin")
There are some very nice articles on "Container based Authentication". NetBeans also has cool wizards to help you with the sun-web.xml.
It's JavaEE's way of saving you time and money.
Hope this helps
Richard.
[Message sent by forum member 'rjdkolb']
http://forums.java.net/jive/thread.jspa?messageID=476504