Win a copy of Java Concurrency Live Lessons this week in the Threads forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

restrict user typing the url explicitly  RSS feed

 
siddhu Math
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi Folks,

i find that even when explicitly write the url then i am able to load the jsp page how can i restrict user in doing so

say for example my url is http://xyz.co.in
say it open the login page for the above one.
apart from using the gui I type in the url explicitly as say http://xyz.co.in/user=asdf&pass=xyz....?
then i am able to login and it takes me to the next jsp page which i do not want.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can restrict the use of a GET by only implementing doPost() in your servlet.
 
siddhu Math
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No i do not want to use do post method for restricting any other way
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Seems to me you would have to go to some sort of universal user tracking system that uses a filter to look at each request and decide if the user is authorized and in the proper state before sending the request on to the jsp.

Bill
 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 36463
464
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by siddhu Math:
No i do not want to use do post method for restricting any other way

Why don't you want to use the post method for a logon screen? It's not secure to have user's passwords in the history.
 
siddhu Math
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
my issue is not with the post actually the module has already been done and i cannot now go place dopost() method at each and every action class.so i just need one more alternate way such that any user types at the url it must not navigate to the next jsp page .
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One way of ensuring that JSP pages are not accessed directly -but only through servlets/actions- is to set a request scope attribute in the servlet/action (e.g. "servlet"=1), and then to check that the attribute is present in the JSP. If it isn't, you can redirect or forward to some appropriate page.
[ January 10, 2008: Message edited by: Ulf Dittmer ]
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!