It's not a secret anymore!
The moose likes JSP and the fly likes Security Mechanism suggestion? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Security Mechanism suggestion?" Watch "Security Mechanism suggestion?" New topic

Security Mechanism suggestion?

Rajesh Khan
Ranch Hand

Joined: Oct 16, 2011
Posts: 230
Here is the way how i would implement security in my application , I would love to hear your suggestions and feasibility of this approach
All the secure pages will be in a folder say secure. so the tree looks like this

Now the actual way things are going to work is , the user goes to the login page and signs in .Upon validation from DB a cookie with maxage -1 containing Username and validation acceptance status "Sigin=true" is sent to the browser now when user accesses secure_page1.jsp its going to check for the cookie and validation status . Now suppose a user just accesses the secure page directly if the cookie is not found the user is directed to login.jsp.

Now if i were to go with this approach i would have to embed every page in the secure folder with the <c:if> tag checking for the cookie. I believe inserting <c:if> in every secure page would not be feasible , is there any other way i could get this ? I really need somekind of a servlet/mechanism listening on top of all the pages in the secure folder. such that
(address of secure_page1.jsp ) -> Validator ->Ok-> secure_page1.jsp. I remember reading something about a listener will that do a job ?? IS this mechanism feasible any suggestions ?? Should i be even validating using cookies ??

Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63343

I would use the session, not a cookie that can be disabled.

And never embed such goop on the pages -- use a servlet filter.

And, you should not be accessing JSP pages directly -- they should all go through a page controller as outlined in this article.

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
I agree. Here's the link:
subject: Security Mechanism suggestion?
jQuery in Action, 3rd edition