How to prevent users from bypassing the flow of the pages?

cle tan
Ranch Hand

Joined: Jun 11, 2012
Posts: 68
Let's say I have 3 JSP pages:

page1.jsp -> page2.jsp -> page3.jsp

The person keys in the parameters for page1.jsp.

page2.jsp authenticates whether the person is allowed to get data from the database; if not, it will throw an exception message displayed in the error page.

page3.jsp will then display the data in the database.

Note: no servlet is used; the authentication server code is on page2.jsp. There is some server code (if/else), but with functions imported from a class.

Currently, it is using a session previous URL to prevent bypassing the flow of pages.
This means when a user is at page1.jsp (session data: previousurl='page1.jsp')
and is trying to access page3.jsp, there will be an error message.

However, I am not very sure session data can be easily manipulated, which might cause some security issues.

One suggestion is a servlet with filters, but I am not able to find any examples on the web for preventing bypassing of pages.
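
The servlet-filter approach raised in the post could look like this (an added example, not part of the original thread). It keeps the flow position in the `HttpSession`, whose attributes are stored on the server, and assumes the `javax.servlet` API, JSPs at the context root, and the hypothetical names `FlowFilter`, `markCompleted` and `flow.lastCompleted`.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: allows a page only when the previous step is recorded in the server-side session.
public class FlowFilter implements Filter {
    // Page order from the post; assumes the JSPs sit at the context root.
    private static final List<String> FLOW =
            Arrays.asList("/page1.jsp", "/page2.jsp", "/page3.jsp");
    // Hypothetical attribute name: index of the last completed step.
    private static final String DONE = "flow.lastCompleted";

    // A page calls this after its own work succeeded, e.g. page2.jsp
    // once its authorization check has passed. Steps cannot be skipped.
    public static void markCompleted(HttpSession session, String page) {
        int idx = FLOW.indexOf(page);
        Integer done = (Integer) session.getAttribute(DONE);
        if (idx > 0 && done != null && done == idx - 1) {
            session.setAttribute(DONE, idx);
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        int idx = FLOW.indexOf(request.getServletPath());
        if (idx == 0) {
            // Entering page1.jsp (re)starts the flow for this session.
            request.getSession(true).setAttribute(DONE, 0);
        } else if (idx > 0) {
            HttpSession session = request.getSession(false);
            Integer done = session == null ? null : (Integer) session.getAttribute(DONE);
            if (done == null || done < idx - 1) {
                // Previous step not completed: refuse instead of rendering the page.
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, res); // pages outside FLOW pass through unchanged
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```

Map the filter to the three JSPs with a `<filter-mapping>` in web.xml, and have page2.jsp call `FlowFilter.markCompleted(session, "/page2.jsp")` only after its check passes.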