my dog learned polymorphism*
The moose likes Servlets and the fly likes Access Control Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Access Control" Watch "Access Control" New topic

Access Control

Luiz Pereira

Joined: Mar 18, 2004
Posts: 6
I have an application into the intranet that pass for its the user in header request, I save in session and I use this information for access control on others pages.
I need that when an user logged out from intranet, visit others site and if he try access the application again, paste the url in browser, the system show message "Access Denied".

Mike Nightsky
Ranch Hand

Joined: Aug 18, 2001
Posts: 48
you could the a session explicitly that it is invalid (HttpSerssion.invalidate()).
Then you could remove the objects from the session.
then remove the athenticating header and send a redirect (response.sendRedirect()) to the loginpage
Then the user should be logged out safely.

Win the opportunity to make money on the Internet<br /><a href="" target="_blank" rel="nofollow"></a>
Ali Gohar
Ranch Hand

Joined: Mar 18, 2004
Posts: 572
See FilterServlet. It can surely help you.
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 60785

Actually it's javax.servlet.Filter. You can use filters to determine if a request requires validation or any other kind of request pre- (or post-) processing.

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
subject: Access Control
Similar Threads
JSP accessing Server Variables("LOGON_User")
Interactivity between two ejb application
HTTPS link is down where as http is working
Please help me in design
Authenticate based on the NT user ID