• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

how to stop user to acces directly inner page of a website

 
santosh kimothi
Ranch Hand
Posts: 32
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
suppose a user enters directly inner page uri without authentication, then by default it displays that page.

how can i disable this action, means anybody without login should not be able to see the inner pages...
 
manoj r patil
Ranch Hand
Posts: 181
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you validating the session on each page? I guess internal page means the pages hosted as part of your web application.
 
samir singha
Greenhorn
Posts: 23
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use servlet to set a session attribute of a request say "login" to true or false by using the password check mehtod you created. Every inner jsp page should get the login attribute and check whether it is true or false. if the login attribute is false or null redirect the page to login page of your application.
 
samir singha
Greenhorn
Posts: 23
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any better idea on this topic???
 
Anirvan Majumdar
Ranch Hand
Posts: 261
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Try setting up the <security-constraint> and <web-resource-collection> in your web descriptor. That should work just fine.
 
Somnath Ghalimath
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The other efficient way of achieving this is by using filters. As any incoming request should and must go through the filter, In the filter you can have the authentication logic which prevents the illegal access of secured pages.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic