
Problem with Web Application

 
Nagendra Suresh
Greenhorn
Posts: 6
Hi everyone, this is my first post. Hoping I will learn a lot of things here.

I have created a sample Java-based web application. My application runs on Tomcat. Also, my application has only JSP files. In the application I have a login page. If login is successful, the user will be redirected to another page. However, the problem is that if I enter the link to the JSP file directly in the browser, it opens up. This should not be the case :-( . I have read several posts on putting all the JSP files under the WEB-INF directory; however, this leads to another problem. In my application I have links to other JSP files using <a href>. When I click on a link it says "Page not found" because of placing them in the WEB-INF folder. So basically what I would like to get help on is how to restrict access to the JSP files if a user has not gone through the login page. When the user enters the link to a JSP file directly, he should not be able to see the page if he has not logged in.
 
Ulf Dittmer
Rancher
Posts: 42967
That's what the servlet security mechanism is for; start reading here: https://www.coderanch.com/how-to/java/ServletsFaq#security. That way, the JSPs need not be inside of WEB-INF, but are protected from unauthorized access by the servlet container anyway.
 
Nagendra Suresh
Greenhorn
Posts: 6
[Ulf Dittmer]: Thanks for the reply, I will read it and try to get it working. I have one question. Currently in my login page I have created my own function to check if the entered credentials are present in a database. If the login is correct I redirect it to another page. However, the link you provided says the post should be to 'j_security_check'. If I have understood things correctly, the 'j_security_check' is nothing but the function I have written to check if the entered credentials are correct? Please correct me if I am wrong.
 
Ulf Dittmer
Rancher
Posts: 42967
Security is easy to get wrong (and thus result in an insecure system); it's better to rely on the built-in mechanisms of the servlet container, which are well tested and debugged.
 
Surendra Pandey
Greenhorn
Posts: 2
kaage me wrote: Hi everyone, this is my first post. Hoping I will learn a lot of things here.

I have created a sample Java-based web application. My application runs on Tomcat. Also, my application has only JSP files. In the application I have a login page. If login is successful, the user will be redirected to another page. However, the problem is that if I enter the link to the JSP file directly in the browser, it opens up. This should not be the case :-( . I have read several posts on putting all the JSP files under the WEB-INF directory; however, this leads to another problem. In my application I have links to other JSP files using <a href>. When I click on a link it says "Page not found" because of placing them in the WEB-INF folder. So basically what I would like to get help on is how to restrict access to the JSP files if a user has not gone through the login page. When the user enters the link to a JSP file directly, he should not be able to see the page if he has not logged in.

You can use the filter mechanism for the same...

Please see the implementation of a filter...
 
Nagendra Suresh
Greenhorn
Posts: 6
[Ulf Dittmer]: Thank you for pointing me to the links, they were very useful. I have implemented the servlet security mechanism in Tomcat with JDBC Realms and it worked well. The pages cannot be directly accessed now.
 