• Post Reply Bookmark Topic Watch Topic
  • New Topic

JSP security

 
Sam Cruise
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello,

I am trying to secure over 200 jsp pages which do not have session tracking properly implemented.

the only option i can think of now is to enter code in each page to check for an existing session. but this would be very time-consuming.

Is there another more efficient way of doing this ?
eg. configuring the servlet container to limit access to users that have a session thats current ?

thanks in advance,
Sam
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65522
105
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All users will have a current session. What is it that you are really trying to detect? A session scoped variable?

In any case, you might want to look into servlet filters.
[ August 30, 2005: Message edited by: Bear Bibeault ]
 
Sam Cruise
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
bascially if a user is not logged in, I don't want them to be able to access a secure page by typing in the URL. the problem is that to enforce this I will have to add code to over 200 jsp pages.....
 
David Ulicny
Ranch Hand
Posts: 724
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Maybe you can use declarative security in web.xml
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could write a filter that checks for a "logged in" status before allowing access to the page.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!