The moose likes JSP and the fly likes Hiding a JSP from public access Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Hiding a JSP from public access" Watch "Hiding a JSP from public access" New topic

Hiding a JSP from public access

Srinivas Aluri

Joined: Jun 12, 2007
Posts: 6
I have a requirement that one application will post the data to the other application simply by calling the JSP page on the target application. That we have done using HTTPUrlConnection. But the problem is any user from the target application also able to call the JSP page. Our requiremnt is it has to be used by the client application. So, How do we restrict the access to that particular JSP from the users?
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

The short answer is, you can't.

That being said, there are things that you can do to make it more difficult for the casual user to get to your JSP with a browser.

Since you're using a custom client, you can set whatever custom headers you like. In the JSP, you can look for these headers and throw a 404 exception if they're not present. This wouldn't stop someone with a packet sniffer and a custom client (including FireFox with a plugin that allows the user to change/add fields and headers) but it would keep most of the honest people out.

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
I agree. Here's the link:
subject: Hiding a JSP from public access
It's not a secret anymore!