This week's giveaway is in the EJB and other Java EE Technologies forum. We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line! See this thread for details.
I'm reorganizing my JSPs and would like to implement a Servlet that I have that authenticates my users. After authenticated, I'd like to use the RequestDispatcher to go to a JSP page. From that JSP page, I need to be able to check whether or not the user was authenticated and I was thinking of using the request attributes. Is this approach secure? Can a hacker add attributes to the request, or can this only be done from within my servlet?