• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

restrict user typing the url explicitly

 
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi Folks,

i find that even when explicitly write the url then i am able to load the jsp page how can i restrict user in doing so

say for example my url is http://xyz.co.in
say it open the login page for the above one.
apart from using the gui I type in the url explicitly as say http://xyz.co.in/user=asdf&pass=xyz....?
then i am able to login and it takes me to the next jsp page which i do not want.
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can restrict the use of a GET by only implementing doPost() in your servlet.
 
siddhu Math
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No i do not want to use do post method for restricting any other way
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Seems to me you would have to go to some sort of universal user tracking system that uses a filter to look at each request and decide if the user is authorized and in the proper state before sending the request on to the jsp.

Bill
 
author & internet detective
Posts: 41860
908
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by siddhu Math:
No i do not want to use do post method for restricting any other way


Why don't you want to use the post method for a logon screen? It's not secure to have user's passwords in the history.
 
siddhu Math
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
my issue is not with the post actually the module has already been done and i cannot now go place dopost() method at each and every action class.so i just need one more alternate way such that any user types at the url it must not navigate to the next jsp page .
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One way of ensuring that JSP pages are not accessed directly -but only through servlets/actions- is to set a request scope attribute in the servlet/action (e.g. "servlet"=1), and then to check that the attribute is present in the JSP. If it isn't, you can redirect or forward to some appropriate page.
[ January 10, 2008: Message edited by: Ulf Dittmer ]
 
reply
    Bookmark Topic Watch Topic
  • New Topic