Problem with Web Application

 
Greenhorn
Posts: 6
Hi everyone, this is my first post. Hoping I will learn a lot of things here.

I have created a sample Java-based web application. My application runs on Tomcat. Also, my application has only JSP files. In the application I have a login page. If login is successful, the user will be redirected to another page. However, the problem is that if I enter the link to the JSP file directly in the browser, it opens up. This should not be the case :-(. I have read several posts on putting all the JSP files under the WEB-INF directory; however, this leads to another problem. In my application I have links to other JSP files using <a href>. When I click on the link it says "Page not found" error because of placing them in the WEB-INF folder. So basically what I would like to get help on is how to restrict access to the JSP files if a user has not gone through the login page. When the user enters the link to a JSP file directly, he should not be able to see the page if he has not logged in.
 
Rancher
Posts: 43081
That's what the servlet security mechanism is for; start reading here: https://coderanch.com/how-to/java/ServletsFaq#security. That way, the JSPs need not be inside of WEB-INF, but are protected from unauthorized access by the servlet container anyway.
 
Nagendra Suresh
Greenhorn
Posts: 6
[Ulf Dittmer]: Thanks for the reply, I will read it and try to get it working. I have one question. Currently in my login page I have created my own function to check if the entered credentials are present in a database. If the login is correct I redirect it to another page. However, the link you provided says the post should be to 'j_security_check'. If I have understood things correctly, the 'j_security_check' is nothing but the function I have written to check if the entered credentials are correct? Please correct me if I am wrong.
 
Ulf Dittmer
Rancher
Posts: 43081
Security is easy to get wrong (and thus result in an insecure system); it's better to rely on the built-in mechanisms of the servlet container - which are well tested and debugged.
 
Greenhorn
Posts: 2

kaage me wrote: Hi everyone, this is my first post. Hoping I will learn a lot of things here.

I have created a sample Java-based web application. My application runs on Tomcat. Also, my application has only JSP files. In the application I have a login page. If login is successful, the user will be redirected to another page. However, the problem is that if I enter the link to the JSP file directly in the browser, it opens up. This should not be the case :-(. I have read several posts on putting all the JSP files under the WEB-INF directory; however, this leads to another problem. In my application I have links to other JSP files using <a href>. When I click on the link it says "Page not found" error because of placing them in the WEB-INF folder. So basically what I would like to get help on is how to restrict access to the JSP files if a user has not gone through the login page. When the user enters the link to a JSP file directly, he should not be able to see the page if he has not logged in.

You can use the filter mechanism for the same...

Please see implementation of filter...
 
Nagendra Suresh
Greenhorn
Posts: 6
[Ulf Dittmer]: Thank you for pointing me out to the links, they were very useful. I have implemented the servlet security mechanism in Tomcat with JDBC Realms and it worked well. The pages cannot be directly accessed now.
 