aspose file tools*
The moose likes JSP and the fly likes restricting access to a jsp Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "restricting access to a jsp " Watch "restricting access to a jsp " New topic
Author

restricting access to a jsp

Rajiv Chelsea
Ranch Hand

Joined: Jun 15, 2010
Posts: 88
Hi,
I am just testing out writing a dynamic web project in eclipse.
I have a login.jsp page .. if the user is successfully logged in , he goes to success.jsp page.

How can i prevent the users from directly going to the success page by typing the url to success page..
For now, i have just hard coded the user name and password in a java class
Smitesh Shinde
Ranch Hand

Joined: Feb 16, 2008
Posts: 45

Store some value in the session attribute when user enters using login pae. Check for that attribute on success page if that is not present redirect the user back to login page.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    
    8

Smitesh Shinde wrote:Store some value in the session attribute when user enters using login pae. Check for that attribute on success page if that is not present redirect the user back to login page.


Quite right. And do that check in a servlet filter, so that you don't have to put the code for the attribute check into every single page in your system.
leo donahue
Ranch Hand

Joined: Apr 17, 2003
Posts: 327
Rajiv Chelsea wrote:How can i prevent the users from directly going to the success page by typing the url to success page.


What web server are you using with Eclipse? Tomcat?

1. You could move your jsp files to a directory located in the WEB-INF directory of your webapp. Such as:


2. You could use a security-constraint in your web.xml and restrict access to the success.jsp using a url-pattern.

This is how Tomcat *secures* access to the Tomcat manager webapp, http://localhost:8080/manager/html



Thanks, leo
Ravi Kiran Va
Ranch Hand

Joined: Apr 18, 2009
Posts: 2234

Quite right. And do that check in a servlet filter, so that you don't have to put the code for the attribute check into every single page in your system.


Do we need to hardcode anything specific taht should be set inside JSPs
and checked in Filters for this ??

Save India From Corruption - Anna Hazare.
Rajiv Chelsea
Ranch Hand

Joined: Jun 15, 2010
Posts: 88
Hi Smitesh and Paul
can you please provide some sample code to show how to do it in filters..
How to store a value in session when user goes to login.jsp
and check for the value when user goes to success.jsp
So that user cant go directly to success.jsp
How to do it all in a Filter
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: restricting access to a jsp