We have an application having large number of JSP pages and servlets. Is there any easy way to impose page level authorization without having to go to each page to set it up?
i.e. If the user somehow gets to figure out the URL of some page to which he has no access, then an error message should be shown to him.
But the problem in implementing this solution is - How do we uniquely identify a JSP page? I guess, the servlet filter has to be implemented in such a way that it will read the jsp's unique identifier and then check whether the user is authorized to access it or not. But, for this approach, we will have to go to each of the hundreds of JSPs and assign it a unique identifier.
Is there a better way to handle it so that it can be done with less effort ?