jQuery in Action, 3rd edition
The moose likes Servlets and the fly likes ServletRequest Attributes Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Java » Servlets
Bookmark "ServletRequest Attributes" Watch "ServletRequest Attributes" New topic

ServletRequest Attributes

Lisa Modglin
Ranch Hand

Joined: Oct 28, 2003
Posts: 46
I'm reorganizing my JSPs and would like to implement a Servlet that I have that authenticates my users. After authenticated, I'd like to use the RequestDispatcher to go to a JSP page. From that JSP page, I need to be able to check whether or not the user was authenticated and I was thinking of using the request attributes. Is this approach secure? Can a hacker add attributes to the request, or can this only be done from within my servlet?
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63208

Scoped variables in the various scopes are safe from hackers. Anything is possible with enough determination, but it'd take hacking into the server to make such mischief...

With regards to your plan: frequently a servlet filter is used to check for authentication, and authentication information is usually stored in the session.

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
subject: ServletRequest Attributes
It's not a secret anymore!