File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Page level authorization

 
Preeti Prabhakar
Greenhorn
Posts: 12
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

We have an application having large number of JSP pages and servlets. Is there any easy way to impose page level authorization without having to go to each page to set it up?
i.e. If the user somehow gets to figure out the URL of some page to which he has no access, then an error message should be shown to him.

Thanks!
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64178
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Filters.
 
Preeti Prabhakar
Greenhorn
Posts: 12
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the quick response.

But the problem in implementing this solution is - How do we uniquely identify a JSP page? I guess, the servlet filter has to be implemented in such a way that it will read the jsp's unique identifier and then check whether the user is authorized to access it or not. But, for this approach, we will have to go to each of the hundreds of JSPs and assign it a unique identifier.
Is there a better way to handle it so that it can be done with less effort ?

Thanks
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64178
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You shouldn't be addressing JSPs at all -- you should be addressing the page controller for the JSP. Or are you still following Model 1?

In any case, the filter can identify the target by its unique URL.
 
Manjesh Patil
Ranch Hand
Posts: 42
Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

You can protect the URLs using security -constraint tags in web.xml file


regards
Ma

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64178
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That assumes container-based authentication. And it's hard to apply on a page by page basis.
 
Manjesh Patil
Ranch Hand
Posts: 42
Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I agree. But what I understand from mail is that , the developer is trying to apply high level authorisation to the URL (allow/deny).

If all my jsps are in the path : /jsp/example/ I can still uses security-constraint tag to protect /jsp/example/*.jsp same way for Servlets.

regards
Ma
 
vinayak jog
Ranch Hand
Posts: 81
MySQL Database Netbeans IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is a very simple solution override the HttpServletResponse's sendredirect method using HttpServletResponseWrapper. You can write your own customized redirect method .
 
Don't get me started about those stupid light bulbs.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic