aspose file tools*
The moose likes Servlets and the fly likes How to implement role model while accessing jsp pages? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to implement role model while accessing jsp pages?" Watch "How to implement role model while accessing jsp pages?" New topic
Author

How to implement role model while accessing jsp pages?

Prasenjit Singh
Greenhorn

Joined: Jan 24, 2013
Posts: 7
Here is the Problem definition :

I have a login page with comman table "login" which stores all login data with their role.

But after successful login how can I prevent from accessing other user pages. For example:

my url is /company/comphome.jsp under web-inf. But if any one manually types /user/userhome.jsp or /admin/adminhome.jsp in the url then he can access those page. More over they can do the features available.

One way to stop this is may be using the role. set session on role. Then check session on every page and redirect accordingly.

Is there any better way to do that?
Please let me know... any standard process or any link regarding this.



Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42599
    
  65
You don't need to do that in your own code, you can let the servlet container handle it by configuring access in web.xml: https://www.coderanch.com/how-to/java/ServletsFaq#security

On top of that, you can use the JSP tags that come with a library like Apache Shiro to customize your JSPs according to authenticated/unauthenticated users and their roles: http://shiro.apache.org/web.html


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to implement role model while accessing jsp pages?