Re: Denying access to a JSP page directly
- From: Manish Pandit <pandit.manish@xxxxxxxxx>
- Date: Wed, 03 Oct 2007 10:10:40 -0700
On Oct 3, 3:27 am, Sameer <dolph...@xxxxxxxxx> wrote:
Dear All,
My login page is index.html.
It accepts username/password there.
Validates it using validate.jsp and redirect it to main.jsp for
further processing.
But i noted that without using index.html, one can go directly to
main.jsp using address bar.
To avoid this i have done this.
I have added this code to validate.jsp
{
%>
<jsp:forward page="main.jsp">
<jsp:param name="security" value="secured" />
</jsp:forward>
<%
response.sendRedirect("main.jsp");}
%>
As the validate.jsp do not submit any form i have to use the forward
tag.
Now i check this at the start of main.jsp.
<%
try {
String is_secure = request.getParameter("security");}
catch (NullPointerException npe)
{
response.sendRedirect("secure.html");}
%>
If the user directly goes to main.jsp then this code will throw the
NullPointerException.
The code throws the exception (as seen on the console) but it do not
redirect it to secure.html.
Why this may be?
Is this the right approach? Any suggestions?
Thanks in advance.
This is often achieved via a Servlet Filter. Add a filter, and check
for a session variable and/or a cookie that indicates a successful
auth. If no auth, redirect the user to login page, if auth'd, let him
pass. I am sure you'd find a lot of examples by Googling around on
usage of Servlet Filters to check authentication.
-cheers,
Manish
.
- References:
- Denying access to a JSP page directly
- From: Sameer
- Denying access to a JSP page directly
- Prev by Date: Re: Web Services Java client question
- Next by Date: Re: Arrays.asList() doesn't work quite like I would think it should
- Previous by thread: Re: Denying access to a JSP page directly
- Next by thread: Searching an input buffer
- Index(es):
Relevant Pages
|
|
