This week's giveaway is in the Spring forum.
We're giving away four copies of REST with Spring (video course) and have Eugen Paraschiv on-line!
See this thread for details.
The moose likes Servlets and the fly likes ServletRequest Attributes Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "ServletRequest Attributes" Watch "ServletRequest Attributes" New topic

ServletRequest Attributes

Lisa Modglin
Ranch Hand

Joined: Oct 28, 2003
Posts: 46
I'm reorganizing my JSPs and would like to implement a Servlet that I have that authenticates my users. After authenticated, I'd like to use the RequestDispatcher to go to a JSP page. From that JSP page, I need to be able to check whether or not the user was authenticated and I was thinking of using the request attributes. Is this approach secure? Can a hacker add attributes to the request, or can this only be done from within my servlet?
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63540

Scoped variables in the various scopes are safe from hackers. Anything is possible with enough determination, but it'd take hacking into the server to make such mischief...

With regards to your plan: frequently a servlet filter is used to check for authentication, and authentication information is usually stored in the session.

[Asking smart questions] [About Bear] [Books by Bear]
subject: ServletRequest Attributes
It's not a secret anymore!