• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to implement role model while accessing jsp pages?

 
Prasenjit Singh
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is the Problem definition :

I have a login page with comman table "login" which stores all login data with their role.

But after successful login how can I prevent from accessing other user pages. For example:

my url is /company/comphome.jsp under web-inf. But if any one manually types /user/userhome.jsp or /admin/adminhome.jsp in the url then he can access those page. More over they can do the features available.

One way to stop this is may be using the role. set session on role. Then check session on every page and redirect accordingly.

Is there any better way to do that?
Please let me know... any standard process or any link regarding this.



 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You don't need to do that in your own code, you can let the servlet container handle it by configuring access in web.xml: https://www.coderanch.com/how-to/java/ServletsFaq#security

On top of that, you can use the JSP tags that come with a library like Apache Shiro to customize your JSPs according to authenticated/unauthenticated users and their roles: http://shiro.apache.org/web.html
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic