File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes Hiding a JSP from public access Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Hiding a JSP from public access" Watch "Hiding a JSP from public access" New topic
Author

Hiding a JSP from public access

Srinivas Aluri
Greenhorn

Joined: Jun 12, 2007
Posts: 6
I have a requirement that one application will post the data to the other application simply by calling the JSP page on the target application. That we have done using HTTPUrlConnection. But the problem is any user from the target application also able to call the JSP page. Our requiremnt is it has to be used by the client application. So, How do we restrict the access to that particular JSP from the users?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

The short answer is, you can't.

That being said, there are things that you can do to make it more difficult for the casual user to get to your JSP with a browser.

Since you're using a custom client, you can set whatever custom headers you like. In the JSP, you can look for these headers and throw a 404 exception if they're not present. This wouldn't stop someone with a packet sniffer and a custom client (including FireFox with a plugin that allows the user to change/add fields and headers) but it would keep most of the honest people out.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Hiding a JSP from public access