Forums Register Login

User access Restrictions

+Pie Number of slices to send: Send
Hi All,
I m working on a web project where several
pages are used by variety of user roles (users have different
authorities for the application).
There are few users how have a application login but do not have authority to view some of the pages.

I need to restrict users from getting the restricted pages (not meant for
his/her authority), mearly by typing the url of those pages. I have set in the role id in the session but is there any way that I can secure pages from being accessed by un-authorised users (although having a valid id but no Previliges).

I had thought of adding a verfication on each jsp page but not sure whether it is good in terms of the maintainance and adding pages.

Regards,
Rahul
+Pie Number of slices to send: Send
Rahul,
If we are talking about good practice, it would be better to have the JSPs only available via redirection from a servlet.

In any case, take a look at Servlet Filters. You can encode the security logic there and intercept the request if the user doesn't have the right role id for a page.
What do you have to say for yourself? Hmmm? Anything? And you call yourself a tiny ad.
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com


reply
reply
This thread has been viewed 1548 times.
Similar Threads
Maintaining Session
Navigation problem
Spring security - Mysql - problem
Does this situation need filter?
How to get client NT ID from JSP
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 28, 2024 16:51:36.