Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Access Control

 
Luiz Pereira
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an application into the intranet that pass for its the user in header request, I save in session and I use this information for access control on others pages.
I need that when an user logged out from intranet, visit others site and if he try access the application again, paste the url in browser, the system show message "Access Denied".

Thanks,
 
Mike Nightsky
Ranch Hand
Posts: 48
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
you could the a session explicitly that it is invalid (HttpSerssion.invalidate()).
Then you could remove the objects from the session.
then remove the athenticating header and send a redirect (response.sendRedirect()) to the loginpage
Then the user should be logged out safely.
Mike
 
Ali Gohar
Ranch Hand
Posts: 572
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
See FilterServlet. It can surely help you.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64822
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually it's javax.servlet.Filter. You can use filters to determine if a request requires validation or any other kind of request pre- (or post-) processing.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic