Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

sending protected files from servlets

 
lavanya chukkala
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
My ligin.html file sends the username and password to a servlet to validate. the servlet must return a .html file if the uername and password is correct.
The user must be able to accesss the .html file only if he has logged in. I am not able to accomplish this part, because when my servlet is returning the .html file the entire URL of the file is displayed in the browsers location bar.
Therefore, the URL can be copied and pasted in another browser and the .html file will be displayed.
Could you tell me how to solve this problem?
thanks in advance
 
Tony Alicea
Desperado
Sheriff
Posts: 3226
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hans Bergsten, in his book JavaServer Pages (O'Reilly) http://www.amazon.com/exec/obidos/ASIN/156592746x/electricporkchop suggests a way of protecting HTML static resources or JSPs from being viewed the way you say.
You'd have to code something like this in the web.xml file:
<security-constraint>
<web-resource-collection>
<url-pattern>yourSecretPage.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>nobody</role-name>
</auth-constraint>
</security-constraint>
DON'T assign any user to the "nobody" role. Then use a RequestDispatcher to get to the page. Since dispatching a Request is an internal affair, the constraint doesn't have any effect, but no one will be able to "cut and paste" a URL to get to the page.
 
Robert Gagliardo
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The above will work.
Or apon success, have the login servlet read the html file and print it back to the user.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic