wood burning stoves*
The moose likes Servlets and the fly likes ServletRequest Attributes Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "ServletRequest Attributes" Watch "ServletRequest Attributes" New topic

ServletRequest Attributes

Lisa Modglin
Ranch Hand

Joined: Oct 28, 2003
Posts: 46
I'm reorganizing my JSPs and would like to implement a Servlet that I have that authenticates my users. After authenticated, I'd like to use the RequestDispatcher to go to a JSP page. From that JSP page, I need to be able to check whether or not the user was authenticated and I was thinking of using the request attributes. Is this approach secure? Can a hacker add attributes to the request, or can this only be done from within my servlet?
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 60782

Scoped variables in the various scopes are safe from hackers. Anything is possible with enough determination, but it'd take hacking into the server to make such mischief...

With regards to your plan: frequently a servlet filter is used to check for authentication, and authentication information is usually stored in the session.

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
I agree. Here's the link: http://aspose.com/file-tools
subject: ServletRequest Attributes
Similar Threads
Retrieving data from a servlet then forward to JSP page
Could we say that pageContext attributes have JSP servlet scope?
problem in displaying error in jsp page
Retrive authenticated user attributes from Active Directory using principle obj from request
jsp-servlts erro