Here is how I would implement security in my application. I would love to hear your suggestions and opinions on the feasibility of this approach.
All the secure pages will be in a folder, say secure, so the tree looks like this
Now the actual way things are going to work is: the user goes to the login page and signs in. Upon validation from the DB, a cookie with maxage -1 containing the Username and validation acceptance status "Sigin=true" is sent to the browser. Now when the user accesses secure_page1.jsp, it is going to check for the cookie and validation status. Now suppose a user just accesses the secure page directly: if the cookie is not found, the user is directed to login.jsp.
Now if I were to go with this approach, I would have to embed every page in the secure folder with the <c:if> tag checking for the cookie. I believe inserting <c:if> in every secure page would not be feasible. Is there any other way I could get this? I really need some kind of servlet/mechanism listening on top of all the pages in the secure folder, such that:
(address of secure_page1.jsp) -> Validator -> Ok -> secure_page1.jsp. I remember reading something about a listener; will that do the job? Is this mechanism feasible? Any suggestions? Should I even be validating using cookies?