Hi everyone,
A pretty basic JSP question, since I'm still trying to understand the right way to do things.
I'm working on a web app which requires users to log in before working. What I'd like to happen is, anytime a user that isn't logged in tries to access any page (other than the login page), the user will be redirected to my login page.
The approach that I've chosen is just to have a bit of code at the top of each page, attempting to grab the user object from the session, and if it doesn't exist, redirect to the login (I have a User object stored in the session for users that exist, which contains other details like permissions).
Is this the proper way of going about doing authentication? Or are there more standard ways I should be looking into?
EDIT: I decided to split this question into two questions, since one was more of a best-practices question and another was a purely technical one. Thanks for the responses.