Win a copy of Head First Agile this week in the Agile forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Securing jsp files and images  RSS feed

 
Christopher Whu
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I used to use coldfusion and session security was easy...

I am not sure how to do this on JSP. i want MY client to be able to add HIS clients and give his clients passwords...

his clients would only have access to there particular web galleries.

Need some general ideas....
[ October 09, 2008: Message edited by: Bear Bibeault ]
 
Vinod K Singh
Ranch Hand
Posts: 198
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can put jsps under WEB-INF directory then no one can access them directly and use server side forwards to serve them to clients. As you want to protect them using user name/password, make good use of filters to ward off unwanted users to have a look at those pages/images.
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you use servlet security then there is really no need to put JSP pages inside of WEB-INF. (There are other good reasons to do so, though, like preventing direct access to them.)

Have a read of http://faq.javaranch.com/java/ServletsFaq#security for some starting points.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!