Security Mechanism suggestion?

 
Rajesh Khan
Ranch Hand
Posts: 230
Here is how I would implement security in my application. I would love to hear your suggestions and the feasibility of this approach.
All the secure pages will be in a folder, say secure, so the tree looks like this:


Now the actual way things are going to work is: the user goes to the login page and signs in. Upon validation from the DB, a cookie with maxage -1 containing the username and validation acceptance status "Sigin=true" is sent to the browser. Now when the user accesses secure_page1.jsp, it is going to check for the cookie and validation status. Now suppose a user just accesses the secure page directly: if the cookie is not found, the user is directed to login.jsp.

Now if I were to go with this approach, I would have to embed every page in the secure folder with the <c:if> tag checking for the cookie. I believe inserting <c:if> in every secure page would not be feasible. Is there any other way I could get this? I really need some kind of servlet/mechanism listening on top of all the pages in the secure folder, such that
(address of secure_page1.jsp) -> Validator -> Ok -> secure_page1.jsp. I remember reading something about a listener; will that do the job? Is this mechanism feasible? Any suggestions? Should I even be validating using cookies?


 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64192
I would use the session, not a cookie that can be disabled.

And never embed such goop on the pages -- use a servlet filter.

And, you should not be accessing JSP pages directly -- they should all go through a page controller as outlined in this article.