Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

Prevent intermediate access to any jsp page

 
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I have created 4 jsp pages..namely login.jp,page2.jsp,page3.jsp and page4.jsp.
When the user clicks on next button of login.jsp then he is redirected to page1.jsp,likewise
the next button on page2 takes to page3 and of page3 takes to page4.jsp.

However if instead of that if he simply types the url of page3.jsp in the browser
he gets redirected to it.I want to restrict the user from doing this.

Could anyone kindly help as to what code do i need to include in my jsp page
to include this functionality.


Regards
 
Sheriff
Posts: 67750
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You could track whether the user has already visited the previous pages in session and redirect to the first page that has yet to be visited.

This logic should be in the page controller servlets, not the JSP's themselves. No Java code should ever appear in a modern JSP.
 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Thanks for the quick reply.I am really new to jsp and servlets.It will be really kind of you if you can elaborate a little more on Servlet Controller.If possible kindly provide some snippet.Looking forward to your help.

Regards.
 
Bear Bibeault
Sheriff
Posts: 67750
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you are new to JSP and Servlets, getting off onto the right foot and avoiding establishing bad habits is important. Rule #1: no Java code in JSPs! That's a bad practice that is almost 10 years out-of-date now, but is still inexplicably prevalent. Don;t fall into that trap!

You might find this article helpful in understanding exactly how JSPs operate. And this article explains controllers and proper web application structure.
 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Thanks again for the quick reply.I'll go through the links that you have suggested.

Regards
 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I have two jsp files(page1.jsp and page2.jsp) that i have placed in the "WebContent\WEB-INF\jsp" folder.

Page1.jsp





I wrote servlet class Homeservlet inorder to provide access to page1:-




When i run the servlet from browser as http://localhost:8080/website/HomeServlet..then i am able to get the Page1.However on clicking the the ok button on Page1,i am not able to navigate to the next page i.e. Page2.Its showing HTTP 404 error(The requested resource (/Page2.jsp) is not available.)


Kindly help.

Regards
 
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You are willing to go to page2, but you are mentioning page1


In addition to this, as far as I know anything stored inside WEB-INF, can't be directly accessed by the client. You need an url-mapping for this, and inside that location.replace you need to pass that url.
 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Thanks for the reply.By mistake i wrote it here as Page1.In the original code i have written it correctly as:-


Please elaborate a bit on URL-Mapping.It will be really nice of you if you could show me how do i write the url mapping for the code that i have posted previously.

Regards.
 
Swastik Dey
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I believe you might have already done url-mapping for your servlet in web.xml. In the same way you need to add url-mapping for your jsp inside web.xml somewhat like this



And in location.replace(" http://localhost:8080/website/Hello");

After making changes in web.xml don't forget to restart the server.
 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I tried what you suggested.However its giving Error that the resource Hello is not found.
Does it mean that i need to write another servlet Hello.java :-



Kindly help.

Regards.
 
Swastik Dey
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, you don't have to, because you are mapping a jsp page to /Hello. Please show us the web.xml.
 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Thanks for the reply.Here's is the web.xml file content


Page1.jsp


Page2.jsp


And HomeServlet.java



Kindly help.

Regards.
 
Swastik Dey
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Clear history, cookies etc from browser. Restart tomcat once again, and type the following url directly in the browser and let us know what happens. Otherwise everything looks fine.

http://localhost:8080/website/Hello

 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am getting the following http error:-

HTTP Status 404 - /website/Hello

type Status report

message /website/Hello

description The requested resource (/website/Hello) is not available.

Apache Tomcat/7.0.11


Regards.
 
Swastik Dey
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Did you restart tomcat after changing web.xml, and have you saved Page2.jsp inside website/WEB-INF/jsp? Same things worked for me without any issues.
 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I have restarted the server and the Page2.jsp is present in the required folder..yet am getting the same error.
If possible,do guide.

Regards
 
Swastik Dey
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Your entire code worked for me without any changes. The only difference is I am on tomat6. May be we need to find out if something is different on Tomcat7.
 
Swastik Dey
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
For me it worked on Tomcat 7 as well.
 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
you can use session.isNew()
 
Praveen Kumarji
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

 
Swastik Dey
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Has it got anything to do with sessions?? Its simply a 404 page not found error.
 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
@Swastik:Thanks for your replies..I tried once again..still its not working for me.I am still getting 404 Error.However i don't think its going to serve my purpose because i don't want the user to get direct access to any jsp page.According to the solution that you provided,the user can still type in the url :-
http://localhost:8080/website/Hello and get direct access to Page2.
Please suggest some way through which i can restrict direct access.Do i need to create Session object?

Regards
 
Bartender
Posts: 2856
10
Firefox Browser Fedora Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First of all I would say using javascript to generate links like that is not a good idea for two reasons
1. you are telling the actual URL to the browser, which can be seen so there is a security problem.
2. such hard binding is undesirable when code maintenance is concerned.

Now back to your original question,
as Bear said, you can place a controller in between which monitors page accesses and forwards or denies requests based on need.
If you are not getting that, you can set an attribute in the session created by the first JSP and check if it exists in second one, if not redirect. This is one of the simplest way of doing it
although not the best one.
Hope this helps
 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
@Amit:Thanks for the reply.I did follow Bear's advice and wrote a controller servlet to access the first jsp page(Page1.jsp).

However i don't have any idea as to how to access the second page(Page2.jsp) on clicking next button of Page1.jsp.Does it require writing another controller servlet for Page2.jsp?
Kindly help as i want to implement it in the best possible way.

Regards.
 
Swastik Dey
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One servlet should be good enough to handle both the requests, and that is the real use of a controller servlet. As in the first request you are simply invoking the servlet, but when you call the servlet next time to show Page2, you may call it with some query parameters, and accordingly handle the request in servlet.



 
neha priya
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
@Swastik:Thanks for the reply.However the user can still access Page2 directly by typing in the url:-"http://localhost:8080/website/HomeServlet?pgname=Page2".
This should not be the case as we don't want the user to get direct access.

Regards.
 
Swastik Dey
Bartender
Posts: 2270
20
Android Java ME Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How come the user knows about this url? Is he/she is going to look into your java script code? If you are worried even for that, keep that inside some .js file.
 
Saloon Keeper
Posts: 28063
198
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Actually, a more important thing to do would be to GET RID OF THE LOGIN URL!!!

This is a primary weakness on most Do-it-Yourself security systems. Many - probably most - of them expect people to use the system honestly. Bad Guys aren't honest, and they'll bypass the login page in a heartbeat if it gets them to the goodies.

Unless you have a nice big security budget and a bunch of paranoid professionals to ensure that each and every thing ever done to the webapp over its entire lifespan is secure, you're far better off using the J2EE builtin container-managed security system.

You do this be defining the login/loginfail JSPs in web.xml. These pages are never directly referenced by URL, Instead, when a user attempts to access a secured URL, the server takes over and presents the login page. Only if the login succeeds will the application forward to the application JSP and code. Otherwise the server will block the attempt and no URL games will get around it.

That will address the security problems and the best thing about it is that no application coding is required to make it work.

Of course, if you have a "page 2" that requires data from "page 1", that's not a security issue, it's a workflow issue. About the best you can do on that is to make page 2 reject any attempts to operate on missing data - possibly by redirecting to page 1 if the required info wasn't set up. The ability to directly access web pages can be a problem, but it's also a blessing, since directly-accessible pages can be bookmarked so that frequently-used functions can be rapidly accessed. When augmented by container-managed security, you can make an app both flexible AND secure.
 
Amit Ghorpade
Bartender
Posts: 2856
10
Firefox Browser Fedora Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Swastik Dey wrote:How come the user knows about this url? Is he/she is going to look into your java script code? If you are worried even for that, keep that inside some .js file.


With HTTP GET method, you see the URL in the address bar right?
 
Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
you should never use JS to perform navigation. I would have done below to perform the same thing.
i)make page1 as welcome file and create a session in this page(oneliner code).
ii)No need to write JS and onclick handler. Make and simple anchor and put css to look like button. put href="/controller?pagename=page2" in 2nd page, same repeat for other JSP.
iii)Simply you make a Servlet controller and pass a querystring("pagename") and check preexisting session like(httpsession session=request.getSession(false)), if exist then forward to pagename parameter value otherwise create a new session and forward to welcome page.
and your are done. Not sure whether it is a best approach but better.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic