I want to authenticate users from a list of users in a database, using a custom-built form to log in. I know there are things that can be configured in the web.xml, but any tutorials I found don't explain about using a database for the list of users. I also want to restrict the servlets and JSPs I have already created to only authenticated users.
Also there are 2 kinds of users that will have access to different pages.
I currently have a login page that validates the credentials against the database. It then forwards the user on to a page according to their access level, or back to the login page with a message if the credentials don't match.
My problem now is how to make all the other pages besides the login page accessible only to the appropriate user(s).
I could put a huge if statement around the entire page to check what the user's access level is which is contained within the session and to display the page according to that, but that just seems like an awful solution.
Assuming you are forwarding to the other pages via a controller or such, you can just check their access level before dispatching to any of the pages, and if they do not have the appropriate access level, forward them to a page with an appropriate message.
Bosun (SCJP, SCWCD)
So much trouble in the world -- Bob Marley
Yes. That's what I'm doing at the moment. The problem I have is this is not secure enough, as a user could just type the URL of a particular page. The system needs to be fairly secure as it could contain confidential information and will be available on the internet.
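
An added example, not part of any post in this thread: a servlet filter that checks the access level held in the session before any servlet or JSP is reached, so a directly typed URL gets the same check as a forwarded request. The class name, the `accessLevel` session attribute, its values, and the `/admin/`, `/staff/`, `/login.jsp` and `/login` paths are all assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: every name and path below is an assumption, not from the thread.
public class AccessLevelFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp";  // assumed login form
    private static final String LOGIN_ACTION = "/login";    // assumed login servlet mapping
    // Assumed layout: each kind of user has its own directory of pages.
    private static final String[][] AREAS = { {"/admin/", "admin"}, {"/staff/", "staff"} };

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Use the path as resolved by the container (decoded, no jsessionid suffix).
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);

        // The login form and its handler are the only resources open to everyone.
        if (path.equals(LOGIN_PAGE) || path.equals(LOGIN_ACTION)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false): do not create a session for an anonymous visitor.
        HttpSession session = request.getSession(false);
        Object level = (session == null) ? null : session.getAttribute("accessLevel");
        if (level == null) {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }

        // Default deny: the path must sit in an area whose level matches the session's.
        for (String[] area : AREAS) {
            if (path.startsWith(area[0]) && area[1].equals(level)) {
                chain.doFilter(req, res);
                return;
            }
        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }
}
```

The filter takes effect once it is declared in web.xml with a `<filter>` element and mapped to `/*` with a `<filter-mapping>`; the login servlet is assumed to store `accessLevel` in the session after validating the credentials against the database.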