Here is how our Tomcat webserver is currently setup. We are using jsp for

Question

0

Editorial Team

Asked: May 10, 20262026-05-10T21:29:15+00:00 2026-05-10T21:29:15+00:00

Here is how our Tomcat webserver is currently setup. We are using jsp for

0

Here is how our Tomcat webserver is currently setup. We are using jsp for the webpages.

/webserverpath/main (all public pages and the login page)
/webserverpath/secure1 (private pages)
/webserverpath/secure2 (private pages)
/webserverpath/secure3 (private pages)

I recently discovered that the authentication is very minimal. For instance once a user is logged in they can bookmark any private page, close the browser, open the browser back up and go to the bookmark and is never asked to sign in again (which turns out to be bad since we recently started disabling users). All of this was setup before I arrived. I’m wondering what can I do to add the proper security? Should I have all the folders under one main folder (ie /webserverpath/main/secure1, etc.) or just leave it alone?

Let me add that I’m newish to the whole website authentication stuff, having multiple websites in different folders like this and JSP itself.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

score 0 · Answer 1 · 2026-05-10T21:29:15+00:00

2026-05-10T21:29:15+00:00Added an answer on May 10, 2026 at 9:29 pm

You might start here: Declarative Web Application Security with Servlets and JSP
Generally, you probably want some session-based authentication that kicks people out of the private parts of the site if they aren’t authenticated.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Here is how our Tomcat webserver is currently setup. We are using jsp for

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply