How to prevent the user from accessing a certain link

Revanth reddy
Ranch Hand

Joined: Oct 10, 2008
Posts: 52
Hey Ranchers,
I have a small question. I am implementing a small web application. It has 4 links under the main menu: Lookup, add, update and delete. I am trying to implement role-based access here. The lookup link can be viewed by anyone, but add, delete and update will be viewed only by people in one particular user role. Even this is working fine. (I am checking this from the login page: taking the user name and checking whether it is configured against the user role; if yes, then displaying the links, if not, hiding them.) But the main problem is that if they type the URL to the main menu, say (http://localhost:8080/App/mainMenu.jsp), in the browser, it displays all the links without checking the user role. How do we eliminate this??

thanks
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61766
    

You need to check the role on more than just the login page; it should be information available to all parts of the web application. One way is to include the role information in whatever session variable is used to indicate that the user is logged in. That way, simple <c:if> blocks on the page can determine if controls or sections need to be displayed or not based upon roles.

You are also checking roles once an action is submitted to make sure that the user has the authority to execute the operation. Right? Just hiding UI controls is not sufficient security.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
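The server-side check described in the reply above, sketched as a servlet filter that runs on every request. This is an added example, not code posted by anyone in the thread; the session attribute name "role", the role value "editor", the action paths /add, /update and /delete, and the login page /login.jsp are assumptions.

```java
// Added example, not code from the thread. Assumed names: session attribute
// "role", role value "editor", paths /add, /update, /delete and /login.jsp.
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

public class RoleFilter implements Filter {
    private static final Set<String> PROTECTED =
            new HashSet<>(Arrays.asList("/add", "/update", "/delete"));
    private static final String REQUIRED_ROLE = "editor";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Container-decoded path inside the application
        // (getRequestURI() would be the raw, undecoded form).
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);
        if (!isProtected(path)) {
            chain.doFilter(req, res);   // lookup and the menu page stay open
            return;
        }
        // getSession(false): do not create a session for an anonymous request.
        HttpSession session = request.getSession(false);
        Object role = (session == null) ? null : session.getAttribute("role");
        if (role == null) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
        } else if (!REQUIRED_ROLE.equals(role)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN); // wrong role
        } else {
            chain.doFilter(req, res);
        }
    }

    // Matches "/add" and paths below it such as "/add/item", not "/address".
    static boolean isProtected(String path) {
        for (String p : PROTECTED) {
            if (path.equals(p) || path.startsWith(p + "/")) return true;
        }
        return false;
    }
}
```

The filter has to be mapped to /* in web.xml so that a URL typed directly into the browser passes through it as well. The <c:if> blocks on mainMenu.jsp then only decide which links are shown, while the filter decides which requests are served.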
Revanth reddy
Ranch Hand

Joined: Oct 10, 2008
Posts: 52
Thank you so much for your reply...
RaviNada Kiran
Ranch Hand

Joined: Jan 30, 2009
Posts: 528
Getting role_name on jsp page

if(request.isUserInRole(ROLE_MYROLE))


So depending upon the role name, dynamically load a div tag which consists of the links there.


If you want something you never had do something which you had never done
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

RaviNada Kiran wrote: Getting role_name on jsp page
if(request.isUserInRole(ROLE_MYROLE))


Hi RaviNada, discourage the scriptlet in JSP
RaviNada Kiran
Ranch Hand

Joined: Jan 30, 2009
Posts: 528
You are right, not so experienced as you, just gave an idea
Revanth reddy
Ranch Hand

Joined: Oct 10, 2008
Posts: 52
Anyways, thanks for the replies guys...
 