Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
The moose likes Servlets and the fly likes Access Control Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Access Control" Watch "Access Control" New topic

Access Control

Luiz Pereira

Joined: Mar 18, 2004
Posts: 6
I have an application into the intranet that pass for its the user in header request, I save in session and I use this information for access control on others pages.
I need that when an user logged out from intranet, visit others site and if he try access the application again, paste the url in browser, the system show message "Access Denied".

Mike Nightsky
Ranch Hand

Joined: Aug 18, 2001
Posts: 48
you could the a session explicitly that it is invalid (HttpSerssion.invalidate()).
Then you could remove the objects from the session.
then remove the athenticating header and send a redirect (response.sendRedirect()) to the loginpage
Then the user should be logged out safely.

Win the opportunity to make money on the Internet<br /><a href="" target="_blank" rel="nofollow"></a>
Ali Gohar
Ranch Hand

Joined: Mar 18, 2004
Posts: 572
See FilterServlet. It can surely help you.
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63858

Actually it's javax.servlet.Filter. You can use filters to determine if a request requires validation or any other kind of request pre- (or post-) processing.

[Asking smart questions] [About Bear] [Books by Bear]
I agree. Here's the link:
subject: Access Control
It's not a secret anymore!