This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

ServletRequest Attributes

 
Lisa Modglin
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm reorganizing my JSPs and would like to implement a Servlet that I have that authenticates my users. After authenticated, I'd like to use the RequestDispatcher to go to a JSP page. From that JSP page, I need to be able to check whether or not the user was authenticated and I was thinking of using the request attributes. Is this approach secure? Can a hacker add attributes to the request, or can this only be done from within my servlet?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64631
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Scoped variables in the various scopes are safe from hackers. Anything is possible with enough determination, but it'd take hacking into the server to make such mischief...

With regards to your plan: frequently a servlet filter is used to check for authentication, and authentication information is usually stored in the session.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic