rb-sl / DB2_project

Databases 2 project - Politecnico di Milano

A normal user can access admin.html #13

Closed rb-sl closed 3 years ago

rb-sl commented 3 years ago

Proposed solution: create a servlet, e.g. GoToAdmin, to restrict user access

rb-sl commented 3 years ago

Also, a non-logged-in user can access it; clicking on a link generates an `HTTP Status 405 – Method Not Allowed`: `HTTP method GET is not supported by this URL`

On redirect to /DB2_project_war_exploded/Login servlet

rb-sl commented 3 years ago

Should also consider the redirect of admin pages to home instead of admin.html for non-admin users
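
One way to enforce the restriction discussed in this issue, as an added example that is not the project's own code: a servlet filter that checks the session before the container serves `admin.html`, sends anonymous visitors to a login page that accepts GET, and sends logged-in non-admin users to the home page. The `javax.servlet` API, the session attribute `role`, its value `ADMIN`, and the paths `/index.html` and `/Home` are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Runs before the container serves admin.html, so the static page can no
// longer be fetched directly by URL. Add further admin URLs to urlPatterns.
@WebFilter(urlPatterns = {"/admin.html"})
public class AdminAccessFilter implements Filter {
    // Hypothetical names: adjust to what the login code stores and to the real pages.
    private static final String ROLE_ATTR = "role";
    private static final String ADMIN_ROLE = "ADMIN";
    private static final String LOGIN_PAGE = "/index.html";
    private static final String USER_HOME = "/Home";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String ctx = req.getContextPath();

        // getSession(false): do not create a session for anonymous visitors.
        HttpSession session = req.getSession(false);
        Object role = (session == null) ? null : session.getAttribute(ROLE_ATTR);

        if (role == null) {
            // Not logged in: redirect to a page that answers GET, not to the
            // Login servlet, which returned 405 on GET in the report above.
            res.sendRedirect(ctx + LOGIN_PAGE);
        } else if (!ADMIN_ROLE.equals(role)) {
            // Logged in without the admin role: back to the user home.
            res.sendRedirect(ctx + USER_HOME);
        } else {
            // Keep the admin page out of browser caches after logout.
            res.setHeader("Cache-Control", "no-store");
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() { }
}
```

The same session and role check still has to run inside every admin servlet that changes data, since the filter only covers the URL patterns it is mapped to.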