File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes ServletRequest Attributes Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "ServletRequest Attributes" Watch "ServletRequest Attributes" New topic

ServletRequest Attributes

Lisa Modglin
Ranch Hand

Joined: Oct 28, 2003
Posts: 46
I'm reorganizing my JSPs and would like to implement a Servlet that I have that authenticates my users. After authenticated, I'd like to use the RequestDispatcher to go to a JSP page. From that JSP page, I need to be able to check whether or not the user was authenticated and I was thinking of using the request attributes. Is this approach secure? Can a hacker add attributes to the request, or can this only be done from within my servlet?
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63858

Scoped variables in the various scopes are safe from hackers. Anything is possible with enough determination, but it'd take hacking into the server to make such mischief...

With regards to your plan: frequently a servlet filter is used to check for authentication, and authentication information is usually stored in the session.

[Asking smart questions] [About Bear] [Books by Bear]
I agree. Here's the link:
subject: ServletRequest Attributes
It's not a secret anymore!