File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes User access Restrictions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "User access Restrictions" Watch "User access Restrictions" New topic

User access Restrictions

Rahul Ashar

Joined: Apr 01, 2007
Posts: 20
Hi All,
I m working on a web project where several
pages are used by variety of user roles (users have different
authorities for the application).
There are few users how have a application login but do not have authority to view some of the pages.

I need to restrict users from getting the restricted pages (not meant for
his/her authority), mearly by typing the url of those pages. I have set in the role id in the session but is there any way that I can secure pages from being accessed by un-authorised users (although having a valid id but no Previliges).

I had thought of adding a verfication on each jsp page but not sure whether it is good in terms of the maintainance and adding pages.

Jeanne Boyarsky
author & internet detective

Joined: May 26, 2003
Posts: 32822

If we are talking about good practice, it would be better to have the JSPs only available via redirection from a servlet.

In any case, take a look at Servlet Filters. You can encode the security logic there and intercept the request if the user doesn't have the right role id for a page.

[OCA 8 book] [Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
I agree. Here's the link:
subject: User access Restrictions
jQuery in Action, 3rd edition