aspose file tools*
The moose likes JSP and the fly likes Hiding a JSP from public access Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Hiding a JSP from public access" Watch "Hiding a JSP from public access" New topic
Author

Hiding a JSP from public access

Srinivas Aluri
Greenhorn

Joined: Jun 12, 2007
Posts: 6
I have a requirement that one application will post the data to the other application simply by calling the JSP page on the target application. That we have done using HTTPUrlConnection. But the problem is any user from the target application also able to call the JSP page. Our requiremnt is it has to be used by the client application. So, How do we restrict the access to that particular JSP from the users?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

The short answer is, you can't.

That being said, there are things that you can do to make it more difficult for the casual user to get to your JSP with a browser.

Since you're using a custom client, you can set whatever custom headers you like. In the JSP, you can look for these headers and throw a 404 exception if they're not present. This wouldn't stop someone with a packet sniffer and a custom client (including FireFox with a plugin that allows the user to change/add fields and headers) but it would keep most of the honest people out.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
 
wood burning stoves
 
subject: Hiding a JSP from public access
 
Similar Threads
Tomcat throws our the JSP source
error in executing servlet
embedded swt,jface code in jsp
embedded jsp swt
how to access resource bundle in included JS file