• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Access question

 
village idiot
Posts: 1208
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm working on Servlets 4b, and I have a question!
If someone knows the name of one of the jsp pages and types it in the address bar of their browser, should the page display at all? I don't see how you can avoid the page being displayed, but if the user didn't enter through the login page with the correct password, then the jsp shouldn't be able to use the servlet. Is that a fair assessment?
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you want all JSP access to go through one of your servlets first (which then dispatches to the JSP), you could have the servlet set a request attribute (say, "beenThroughServlet"). The JSP can then check for the presence of this attribute, and if it's missing, redirect to some error page.

Alternatively, move all your JSP pages to a directory that is not publicly accessible (e.g. inside of WEB-INF). Servlets would still be able to do a forward to them.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic