wood burning stoves*
The moose likes JSP and the fly likes User access Restrictions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "User access Restrictions" Watch "User access Restrictions" New topic
Author

User access Restrictions

Rahul Ashar
Greenhorn

Joined: Apr 01, 2007
Posts: 20
Hi All,
I m working on a web project where several
pages are used by variety of user roles (users have different
authorities for the application).
There are few users how have a application login but do not have authority to view some of the pages.

I need to restrict users from getting the restricted pages (not meant for
his/her authority), mearly by typing the url of those pages. I have set in the role id in the session but is there any way that I can secure pages from being accessed by un-authorised users (although having a valid id but no Previliges).

I had thought of adding a verfication on each jsp page but not sure whether it is good in terms of the maintainance and adding pages.

Regards,
Rahul
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30138
    
150

Rahul,
If we are talking about good practice, it would be better to have the JSPs only available via redirection from a servlet.

In any case, take a look at Servlet Filters. You can encode the security logic there and intercept the request if the user doesn't have the right role id for a page.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: User access Restrictions
 
Similar Threads
Navigation problem
Spring security - Mysql - problem
How to get client NT ID from JSP
Maintaining Session
Does this situation need filter?