Win a copy of Rust Web Development this week in the Other Languages forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Preventing direct access to a redirected page

 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello everybody,
I have the following scenario:
1)I have a jsp A.
2)Jsp A submits to a servlet B.
3)Servlet B checks the request parameters with the database and decides whether to forward to jsp C
4)If required conditions are not satisfied in 3, the user is redirected to an html error page.

Now the problem is i don't want the user accessing the jsp C directly with its url but access it only via the servlet.
If the user tries to access the page C directly, then he/she should be redirected to a page which shows the access is invalid.
How can i implement this?.
Any ideas would be much welcome.
 
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is customary to place JSPs under a folder within WEB-INF. There, they cannot be served directly and can only be accessed via a forward from another resource (such as a servlet).
 
Peter Maxwell
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:It is customary to place JSPs under a folder within WEB-INF. There, they cannot be served directly and can only be accessed via a forward from another resource (such as a servlet).



Thanks a lot sheriff!. I didn't think the solution would be that simple.
 
Ranch Hand
Posts: 257
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
another way, if you have trouble using JSPs under WEB-INF:

set a parameter in the request object. Request objects are shared accross forwards. Check this parameter on the destination, all the page to be displayed if set, else give error.

 
Bear Bibeault
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Himanshu Kansal wrote:another way, if you have troube using JSPs under WEB-INF:


What trouble could there be?

There's no need to put all that goop on the controllers and pages -- the WEB-INF folder (and below) cannot be served by direct URL.
 
Himanshu Kansal
Ranch Hand
Posts: 257
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
At times the codebase is not available and the container tries to look for the files under folders under context-root

Also, there could be a problem in accessing a jsp from another from under WEB-INF (eg: a post under Struts forum)
Business might not want to display the complete path of the JSP
 
Bear Bibeault
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Himanshu Kansal wrote:At times the codebase is not available and the container tries to look for the files under folders under context-root


I am not understanding what you are trying to say.

Also, there could be a problem in accessing a jsp from another from under WEB-INF (eg: a post under Struts forum)


How so? If a JSP needs to be directly accessible, it should not be under WEB-INF. If it needs to be hidden, it should be under WEB-INF. Simple. There's no need for extra goop on the pages to make things complicated and create coupling problems.

Business might not want to display the complete path of the JSP


Again, your point is not clear.
 
author & internet detective
Posts: 40913
840
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Himanshu Kansal wrote:Also, there could be a problem in accessing a jsp from another from under WEB-INF (eg: a post under Struts forum)


I've done this - it works. Maybe they should address that problem before moving on to kludgy workarounds?

Himanshu Kansal wrote:Business might not want to display the complete path of the JSP


And they shouldn't. That's why you use a forward to the JSP in the first place.
 
Himanshu Kansal
Ranch Hand
Posts: 257
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I agree with all that (not that it matters ). All I tried to give was another efficient way of doing something if the first one didnt work. Options are always more the better.
 
Bear Bibeault
Sheriff
Posts: 67618
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My point is that the first way always works. A second solution (which is far from efficient -- it's very messy, in fact, adding unnecessary goo on the pages and enforcing strong coupling) is unecessary and confusing.

By the way, welcome to the Ranch!
 
Jeanne Boyarsky
author & internet detective
Posts: 40913
840
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Himanshu Kansal wrote:I agree with all that (not that it matters ). All I tried to give was another efficient way of doing something if the first one didnt work. Options are always more the better.


True. Although it also helps to be very clear which way is recommended so someone doesn't go with a hack before investigating the standard way properly.
 
I'm not sure if I approve of this interruption. But this tiny ad checks out:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic