• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

how to stop user to acces directly inner page of a website

 
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
suppose a user enters directly inner page uri without authentication, then by default it displays that page.

how can i disable this action, means anybody without login should not be able to see the inner pages...
 
Ranch Hand
Posts: 182
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you validating the session on each page? I guess internal page means the pages hosted as part of your web application.
 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use servlet to set a session attribute of a request say "login" to true or false by using the password check mehtod you created. Every inner jsp page should get the login attribute and check whether it is true or false. if the login attribute is false or null redirect the page to login page of your application.
 
samir singha
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any better idea on this topic???
 
Ranch Hand
Posts: 261
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Try setting up the <security-constraint> and <web-resource-collection> in your web descriptor. That should work just fine.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The other efficient way of achieving this is by using filters. As any incoming request should and must go through the filter, In the filter you can have the authentication logic which prevents the illegal access of secured pages.
 
She said she got a brazillian. I think owning people is wrong. That is how I learned ... tiny ad:
the value of filler advertising in 2020
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic