<%@ taglib prefix='c' uri='http://java.sun.com/jsp/jstl/core' %>

<%@ include file="/inc/nobrowsercache.jspf" %>

<%-- /index.jsp - default page for website. --%>


    <%@ include file="/inc/buttonbar.jspf" %>

    <h1>Welcome to Hogwart's!</h1>

    This is a Defense Against the Dark Arts example of using
    JSP/Servlet security. 
    <a href="<c:url value='index.xtp'/>">Tutorial documentation</a> is 

    Try doing a 
      <c:when test="true">
        <a href="<c:url value='home.jsp'/>">login</a>
        <a href="<c:url value='logout.jsp'/>">logout</a>

    To get a better understanding of how security works, try using
    the following links both when you are logged in and when you are
    All of the links are in secure areas.  If you are not
    logged in a login procedure is put in by Resin before you get
    to the pages.  If you are logged in, you may be able to see them 
    or you may get a 'Forbidden' error.
    Links to different areas:
      <li><a href="<c:url value='students/'/>">
	    Students (available to 'students' and 'professors')
      <li><a href="<c:url value='professors/'/>">
	    Professors (available to 'professors')
      <li><a href="<c:url value='staff/'/>">
	    Staff (available to 'staff' and 'professors')

    In a real application, you wouldn't show links like this -- you
    would get the user to login first and then only display the links
    that are available for their role.

    <%@ include file="/inc/footer.jspf" %>