• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

check if user has access to a specific page.

 
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm fairly new to the java/jsp world. For authentication on jsp pages I understand I should use some kind of servlet to check if a user has access to a specific page, right?

A user gets presented with a login screen, they enter their usr/pwd, and click the login button. The login form action should go to a authentication servlet to validate/login the user and assign which pages they have access to view, right?

I've been sending the form action to another JSP page to validate the user and then do a check at the top of each JSP to see if they have access to that specific page. I've been told this isn't the proper way to do authentication.

If I did use a servlet for authentication how would I prevent the user from directly accessing a jsp page that they don't have access to? Do I need some specific code at the top of each JSP to prevent this?

Thanks,
Dave
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In my opinion, the best way to do this would be with a filter rather than a servlet, and certainly not with a bunch of goo on each page.
 
Dave Bosky
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Could you explain what a filter is? I've not heard the term used with java/jsp before. Why would a filter be better than a servlet?

Thanks Again!
~Dave
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Because in order to use a servlet you'd need to send every request through the servlet. If you have a single Front Controller, that's not too big an issue (though I'd argue that the filter is still architecturally preferable). But if not, then you'd need to play URL games, and life is just too short for that.

By defining a filter, the filter is associated with a URL pattern and will be invoked for any request matching the pattern. The filter can then decide whether to allow the request to process normally (if authentication succeeds) or to forward to another resource (like an error page or whatever makes sense if the authentication fails).

As such, the filter is independent of your pages and servlets and vice versa. Nice, eh?

Look up javax.servlet.Filter for more info.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OnJava article on filters.
 
Dave Bosky
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the Filter information. I've been reading up on the over the weekend
and they seem pretty cool.
I have one other question related to my original question.

So to control individual page access for users I would use 2 filters.
Filter 1: Check if the user is logged into the application.
Filter 2: Verify the user has access to this specific page.

Thanks Again.
Dave
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If it makes sense to logically separate them, yes. If the logic is the same, you could also combine them into a single filter. Whatever makes sense for your app. (Personally, I'd probably write the two separate filters for greater flexibility).
reply
    Bookmark Topic Watch Topic
  • New Topic