Welcome file chosen based on assigned roles (Java web app)?

Question

I have a Java web application running on JBoss using JAAS for authentication. I would like to dynamically select the page a user logging in is shown based upon their roles as I have disjoint sets of users that shouldn't have access to the same pages.

I've tried using a Filter, but Tomcat denies access (correctly) to the requested URL before the filter has a chance to run.

Any ideas?

Answer 1

Create a servlet for serving up the files. Tell Tomcat all users have access to the URL pattern this servlet is bound to, but then in the servlet check the user's credentials and server the appropriate file (or an error) based on said credentials.

Answer 2

Hi,

Have the welcome file defined that is protected. The welcome file does a server side forward to specific pages that are defined based on the user roles.

To illustrate step by step what could happen

1. Create the welcome page say standard-welcome.jsp. Users can access this page via http://://standard-welcome.jsp
2. Secure this welcome page to authenticated users only
3. When user accesses this item they are redirected to the login page
4. Upon successful login, the server initiates the forward to this welcome page
5. Welcome page checks the role via a Custom Tag. The user role is known at this point in time.
6. User sees the page that is the default for their role.