aspose file tools*
The moose likes Security and the fly likes security in jsp Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "security in jsp" Watch "security in jsp" New topic
Author

security in jsp

Bandita Patel
Greenhorn

Joined: Mar 23, 2010
Posts: 25
Hi..

Suppose by appending abc.jsp in the given URL i am opening the file(abc.jsp) without entering in the Login page..i.e directly i am opening abc.jsp with out entering the login details.. How to disable this?
Please help me out.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

If your JSPs were under WEB-INF, you wouldn't have this problem.


[My Blog]
All roads lead to JavaRanch
Bandita Patel
Greenhorn

Joined: Mar 23, 2010
Posts: 25
Hi,

But normally we will put our JSPs inside Webcontent not inside WEB-INF.
Suppose i want to disable this without keeping my JSPs inside WEB-INF.. Then how can i proceed.. please reply me.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Normally ? No, normally you would keep your JSPs out of reach, which means putting them in a directory under WEB-INF.
Bandita Patel
Greenhorn

Joined: Mar 23, 2010
Posts: 25
but is there any way to add security for this with out keeping JSPs inside WEB-INF?
Chad Step
Greenhorn

Joined: Jun 21, 2006
Posts: 13
I think what your looking for is session management and session variables.

I don't know a lot about that in JSP, but I would start searching there.

If you want someone to login before they can view a page, you'd first confirm they've established a session appropriately and then decide whether or not to display a page.
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
You can create a custom JSP tag and have the security related code here. Then put the tag in each JSP page that you want to secure. If user is not properly logged in, then page will never show.




 
Don't get me started about those stupid light bulbs.
 
subject: security in jsp