Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Hiding a JSP from public access

 
Srinivas Aluri
Greenhorn
Posts: 6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a requirement that one application will post the data to the other application simply by calling the JSP page on the target application. That we have done using HTTPUrlConnection. But the problem is any user from the target application also able to call the JSP page. Our requiremnt is it has to be used by the client application. So, How do we restrict the access to that particular JSP from the users?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The short answer is, you can't.

That being said, there are things that you can do to make it more difficult for the casual user to get to your JSP with a browser.

Since you're using a custom client, you can set whatever custom headers you like. In the JSP, you can look for these headers and throw a 404 exception if they're not present. This wouldn't stop someone with a packet sniffer and a custom client (including FireFox with a plugin that allows the user to change/add fields and headers) but it would keep most of the honest people out.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic