How can i define and manage access rights for different user accounts under mydomain.com/user/xxx for which they have to login first?

Rafael Alvarez

It depends on the access rigths you want. If they are simple (like Guest level, User level or Admin level) the solution is simple too. First you need a place to store the login/password/level tuple. Level can be numeric or alphanumeric. Now, when the users logs in just put the value of the access level in the session. That way you can check anytime if the user have the required access level.

This metod is secure enought for most non-critical applications, because the value of access level can be faked.(A session is a cookie after all).

For critical applications, a servlet/jsp chaining using the POST method to pass the access level between them is required.