This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes JSP and the fly likes with out authentication it is forwading to another page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "with out authentication it is forwading to another page" Watch "with out authentication it is forwading to another page" New topic
Author

with out authentication it is forwading to another page

kishore rowthu kumar
Greenhorn

Joined: Jul 21, 2008
Posts: 2
sri,
I created two files

1.password.html

<html>
<head><title>password</title>
</head>
<body>
<form name="abc" action="pass.jsp" method="POST">
<input type="text" name="userid" size="25" value="">
<input type="password" name="pass" size="25" value="">
<input type="submit" name="tn1" value="Submit" >
<input type="reset" name="tn2" value="Reset">
</form>
</body>
</html>

and another
2.pass.jsp

< %@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page language ="java" %>
<%@ page import="java.sql.*, javax.sql.*,javax.naming.*,java.io.*,java.util.*" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>

<body>
<% String userid = request.getParameter("userid");
String password = request.getParameter("pass");
try
{
Connection connection = null;
Statement st = null;
ResultSet rs = null;
Class.forName("oracle.jdbc.driver.OracleDriver");
connection = DriverManager.getConnection("jdbc:Oracle:thin:@localhost:1522:xe","system","kis");
st = connection.createStatement();
rs = st.executeQuery("select username from password where username='" + userid + "' and password='" + password + "'");
out.println("Valid==" + rs);
if (rs.next())
{

String UserID = rs.getString("username");
out.println("Valid user=" + UserID);
%>
<jsp:forward page="/registration.jsp" />
}
else
{

out.println("Invalid user"); %>
<jsp:forward page="/invalid.jsp" />
<% } rs.close();

}
catch (Exception ex)

{
out.println(ex.getMessage());
out.println("Unable to connect to database."); } %>
</body>
</html>


Problem :
---------

In pass.jsp I used <jsp:forward page="/registration.jsp" /> to open another window when userid and password matchs with userid and password of database then only it opens another window registration.html . Problem is if user knows registraion.html directly ,he is not using password.html. without entering into password.html he is directly entering into registration.html.Above code is not perfectly authenticated He has to access it only after password.html i.e he should get permission from password.html to access registration.html.

Please help me to solve my problem.

[ July 21, 2008: Message edited by: kishore rowthu kumar ]

[ July 21, 2008: Message edited by: kishore rowthu kumar ]
[ July 21, 2008: Message edited by: kishore rowthu kumar ]
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Hi,

use <security-constraint> in web.xml...for information please search the Google
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716
    
    6

You can also solve this problem using session management.
If the user is not authenticated just redirect him to the login page.
And try to keep all the pages dynamic.


Hope this helps


SCJP, SCWCD.
|Asking Good Questions|
 
Consider Paul's rocket mass heater.
 
subject: with out authentication it is forwading to another page
 
Similar Threads
user validation page
How to separate Business Logic from the servlet
Session management problem
Error while forwarding page
Session tracking