File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Soft Skills: The software developer's life manual this week in the Jobs Discussion forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

User access Restrictions

 
Rahul Ashar
Greenhorn
Posts: 20
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I m working on a web project where several
pages are used by variety of user roles (users have different
authorities for the application).
There are few users how have a application login but do not have authority to view some of the pages.

I need to restrict users from getting the restricted pages (not meant for
his/her authority), mearly by typing the url of those pages. I have set in the role id in the session but is there any way that I can secure pages from being accessed by un-authorised users (although having a valid id but no Previliges).

I had thought of adding a verfication on each jsp page but not sure whether it is good in terms of the maintainance and adding pages.

Regards,
Rahul
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 33670
316
Eclipse IDE Java VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rahul,
If we are talking about good practice, it would be better to have the JSPs only available via redirection from a servlet.

In any case, take a look at Servlet Filters. You can encode the security logic there and intercept the request if the user doesn't have the right role id for a page.
 
Consider Paul's rocket mass heater.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic