I have a login page with comman table "login" which stores all login data with their role.
But after successful login how can I prevent from accessing other user pages. For example:
my url is /company/comphome.jsp under web-inf. But if any one manually types /user/userhome.jsp or /admin/adminhome.jsp in the url then he can access those page. More over they can do the features available.
One way to stop this is may be using the role. set session on role. Then check session on every page and redirect accordingly.
Is there any better way to do that?
Please let me know... any standard process or any link regarding this.
On top of that, you can use the JSP tags that come with a library like Apache Shiro to customize your JSPs according to authenticated/unauthenticated users and their roles: http://shiro.apache.org/web.html