• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to restrict access to a servlet or jsp?

 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everybody, I am Chaitanya, I am using sessions to restrict access to a page i the user has not signed in. Once signs in he can call the particular page.

Now I have two users, with different roles for each. One is the administrator, another is ordinary user. The administrator can create a new user by requesting new_user.jsp page.

The page looks some what like this

Once the admin or ordinary user logins, loginSucess session attribute will be holding the user ID. So who ever calls this page, they can create a new user.

The ordinary user should not be able to access this page.

So my idea is to create two different session attributes, adminSession for admin and userSession for user.

This time if the ordinary user sends a request for this page he cant access it.



Otherwise I am having another idea. In this case there will be a single session which stores the user ID and the new_user.jsp page is placed in WEB-INF older. Then the user request fors a servlet first. The servlet will decide whether the user has administrative privileges or not by connecting to the database. If the user has admin privileges the page is served otherwise no.

But in the second alternative, I don't know how to serve web pages from WEB-INF folder.


Is this the right way? Can I do like this? Or there is another method to do this?

Thank you all in advance. Have a good day.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64623
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sounds like you are over-complicating something that's really a simple if-statement.
 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


Hi Bear, I didn't get what you were saying. Should I go with session?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64623
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Should I go with session?

For what?

If the only variable is whether the user is an admin or not, simply record that info along with whatever you are using in the session to store the info for the logged-in user. There's no need to over-complicate matters.
 
chaitanya karthikk
Ranch Hand
Posts: 806
Java MySQL Database Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you Bear.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic