Problem with Web Application

Nagendra Suresh
Greenhorn

Joined: Dec 29, 2012
Posts: 6
Hi everyone, this is my first post. Hoping I will learn a lot of things here.

I have created a sample Java-based web application. My application runs on Tomcat. Also, my application has only JSP files. In the application I have a login page. If login is successful, the user will be redirected to another page. However, the problem is that if I enter the link to the JSP file directly in the browser, it opens up. This should not be the case :-(. I have read several posts on putting all the JSP files under the WEB-INF directory; however, this leads to another problem. In my application I have links to other JSP files using <a href>. When I click on the link, it says "Page not found" because of placing them in the WEB-INF folder. So basically, what I would like to get help on is how to restrict access to the JSP files if a user has not gone through the login page. When the user enters the link to a JSP file directly, he should not be able to see the page if he has not logged in.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41816
    
That's what the servlet security mechanism is for; start reading here: https://www.coderanch.com/how-to/java/ServletsFaq#security. That way, the JSPs need not be inside of WEB-INF, but are protected from unauthorized access by the servlet container anyway.


Nagendra Suresh
Greenhorn

Joined: Dec 29, 2012
Posts: 6
[Ulf Dittmer]: Thanks for the reply, I will read it and try to get it working. I have one question. Currently, in my login page I have created my own function to check if the entered credentials are present in a database. If the login is correct, I redirect it to another page. However, the link you provided says the post should be to 'j_security_check'. If I have understood things correctly, the 'j_security_check' is nothing but the function I have written to check if the entered credentials are correct? Please correct me if I am wrong.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41816
    
Security is easy to get wrong (and thus result in an insecure system); it's better to rely on the built-in mechanisms of the servlet container, which are well tested and debugged.
Surendra Pandey
Greenhorn

Joined: Dec 24, 2009
Posts: 2
kaage me wrote: Hi everyone, this is my first post. Hoping I will learn a lot of things here.

I have created a sample Java-based web application. My application runs on Tomcat. Also, my application has only JSP files. In the application I have a login page. If login is successful, the user will be redirected to another page. However, the problem is that if I enter the link to the JSP file directly in the browser, it opens up. This should not be the case :-(. I have read several posts on putting all the JSP files under the WEB-INF directory; however, this leads to another problem. In my application I have links to other JSP files using <a href>. When I click on the link, it says "Page not found" because of placing them in the WEB-INF folder. So basically, what I would like to get help on is how to restrict access to the JSP files if a user has not gone through the login page. When the user enters the link to a JSP file directly, he should not be able to see the page if he has not logged in.

You can use the filter mechanism for the same.

Please see the implementation of a filter.
Nagendra Suresh
Greenhorn

Joined: Dec 29, 2012
Posts: 6
[Ulf Dittmer]: Thank you for pointing me to the links; they were very useful. I have implemented the servlet security mechanism in Tomcat with JDBC Realms and it worked well. The pages cannot be directly accessed now.
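
The container-managed setup this thread settles on, as an added example that is not part of the original posts: a minimal WEB-INF/web.xml for form login. The /secure/* path, the "member" role and the two page names are assumptions; the realm that holds users and roles (the JDBC realm mentioned above) is configured separately in Tomcat.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Path, role and page names below are assumptions. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Any request under /secure/ needs an authenticated user in role "member".
       A directly typed URL is intercepted by the container and answered with
       the login page, so the JSPs can stay outside WEB-INF and plain <a href>
       links between them keep working. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected pages</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <!-- No http-method element on purpose: listing methods here would
           leave every unlisted method unprotected. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>member</role-name>
    </auth-constraint>
    <!-- Requires an HTTPS connector; keeps credentials and the session
         cookie off plain HTTP. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM login: the form in login.jsp must POST to the action
       "j_security_check" with fields named "j_username" and "j_password".
       That URL is handled by the container itself, which checks the
       credentials against the configured realm; the application supplies
       no credential-checking code of its own. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role used in an auth-constraint is declared here and must match
       a role name stored in the realm's role table. -->
  <security-role>
    <role-name>member</role-name>
  </security-role>
</web-app>
```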
 