
Blocking Direct URL access in web application

 
Ravi Sankar
Ranch Hand
Posts: 49
How do I restrict direct URL access in an unauthorized user's session? It works fine in a new browser without logging into the application. But when a low-level user logs into the application, he is able to access the unauthorized screens by entering the direct link in the browser. Can anybody help me solve this issue?
 
Tim Holloway
Bartender
Posts: 18419
A URL is a URL. All you can do is restrict URLs according to your security system. I often have apps that have a free-access welcome page, user-restricted functionality pages and another group of URLs that are accessible only by administrators.

I recommend container-managed authorization, because that way you don't have to code URL security into your app - just set up the roles and rules in web.xml.
 
Jimmy Clark
Ranch Hand
Posts: 2187
You could create a custom JSP tag that executes authorization before processing the rest of the page. For all pages that require authorization, place this custom tag in the source code for the JSP page.

When a user attempts to view the page, if he/she is not authorized, then they cannot view the page.
 