
security in jsp

 
Bandita Patel
Greenhorn
Posts: 25
Hi..

Suppose that by appending abc.jsp to the given URL I am opening the file (abc.jsp) without going through the login page, i.e. I am directly opening abc.jsp without entering the login details. How do I disable this?
Please help me out.
 
Christophe Verré
Sheriff
Posts: 14691
If your JSPs were under WEB-INF, you wouldn't have this problem.
 
Bandita Patel
Greenhorn
Posts: 25
Hi,

But normally we put our JSPs inside WebContent, not inside WEB-INF.
Suppose I want to disable this without keeping my JSPs inside WEB-INF. Then how can I proceed? Please reply.
 
Christophe Verré
Sheriff
Posts: 14691
Normally? No, normally you would keep your JSPs out of reach, which means putting them in a directory under WEB-INF.
 
Bandita Patel
Greenhorn
Posts: 25
But is there any way to add security for this without keeping the JSPs inside WEB-INF?
 
Chad Step
Greenhorn
Posts: 13
I think what you're looking for is session management and session variables.

I don't know a lot about that in JSP, but I would start searching there.

If you want someone to log in before they can view a page, you'd first confirm they've established a session appropriately and then decide whether or not to display a page.
 
Jimmy Clark
Ranch Hand
Posts: 2187
You can create a custom JSP tag and have the security-related code here. Then put the tag in each JSP page that you want to secure. If the user is not properly logged in, then the page will never show.
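
The session check suggested in this thread can be applied to every directly requested JSP from one place with a servlet filter. This is an added example, not code posted by anyone in the thread; the `/login.jsp` path, the `user` session attribute and the class name are assumptions, and `@WebFilter` needs a Servlet 3.0 container (on older ones, declare the same filter with `<filter>` and `<filter-mapping>` in web.xml).

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Runs on every direct browser request for a JSP (the default dispatcher type is REQUEST).
@WebFilter("*.jsp")
public class LoginRequiredFilter implements Filter {
    // Assumed names: the login page path and the attribute the login code stores on success.
    private static final String LOGIN_PAGE = "/login.jsp";
    private static final String USER_ATTR = "user";

    @Override
    public void init(FilterConfig config) {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session just to test for one.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;
        // The servlet path excludes the context path and the query string.
        boolean isLoginPage = LOGIN_PAGE.equals(request.getServletPath());

        if (loggedIn || isLoginPage) {
            // Keep protected pages out of browser and proxy caches after logout.
            response.setHeader("Cache-Control", "no-store");
            chain.doFilter(req, res);
        } else {
            // No authenticated session: send the browser to the login page instead.
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        }
    }

    @Override
    public void destroy() {}
}
```

The login handler has to call `session.setAttribute("user", ...)` only after the credentials have been verified, and logout should call `session.invalidate()`.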




 