Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

how to maintain security in jsp

 
vinodheee kumar
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
if i have login.jsp and view .jsp
to see view.jsp, we should go through login.jsp
how i can make it...
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to JavaRanch.

Is the requirement that view.jsp should only ever be accessed through login.jsp? Or that view.jsp should only be accessed after a user has logged in (i.e., possibly some time after visiting login.jsp)?
If the former, you can set a request parameter for which you check in view.jsp. If it's missing, you redirect to login.jsp.
If the latter, then you can add parameter to the uer session.

It would be a better design to do these things in a servlet, though, and use JSPs for display purposes only.
[ April 26, 2006: Message edited by: Ulf Dittmer ]
 
vinodheee kumar
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for quick response?
this for session he should be logged in.But why should we servlet here?
why donot we use jsp?
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The very same question has been answered expertly just yesterday in this very forum.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!