Security Mechanism suggestion?

Rajesh Khan
Ranch Hand

Joined: Oct 16, 2011
Posts: 230
Here is the way I would implement security in my application. I would love to hear your suggestions and the feasibility of this approach.
All the secure pages will be in a folder, say secure, so the tree looks like this:

Now the actual way things are going to work is: the user goes to the login page and signs in. Upon validation from the DB, a cookie with maxage -1 containing the username and validation acceptance status "Sigin=true" is sent to the browser. Now when the user accesses secure_page1.jsp, it's going to check for the cookie and validation status. Now suppose a user just accesses the secure page directly: if the cookie is not found, the user is directed to login.jsp.

Now if I were to go with this approach, I would have to embed every page in the secure folder with the <c:if> tag checking for the cookie. I believe inserting <c:if> in every secure page would not be feasible. Is there any other way I could get this? I really need some kind of servlet/mechanism listening on top of all the pages in the secure folder, such that
(address of secure_page1.jsp) -> Validator -> Ok -> secure_page1.jsp. I remember reading something about a listener; will that do the job? Is this mechanism feasible? Any suggestions? Should I even be validating using cookies?

Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63866

I would use the session, not a cookie that can be disabled.

And never embed such goop on the pages -- use a servlet filter.

And, you should not be accessing JSP pages directly -- they should all go through a page controller as outlined in this article.

[Asking smart questions] [About Bear] [Books by Bear]