I am just testing out writing a dynamic web project in eclipse.
I have a login.jsp page .. if the user is successfully logged in , he goes to success.jsp page.
How can i prevent the users from directly going to the success page by typing the url to success page..
For now, i have just hard coded the user name and password in a java class
Smitesh Shinde wrote:Store some value in the session attribute when user enters using login pae. Check for that attribute on success page if that is not present redirect the user back to login page.
Quite right. And do that check in a servlet filter, so that you don't have to put the code for the attribute check into every single page in your system.
Rajiv Chelsea wrote:How can i prevent the users from directly going to the success page by typing the url to success page.
What web server are you using with Eclipse? Tomcat?
1. You could move your jsp files to a directory located in the WEB-INF directory of your webapp. Such as:
2. You could use a security-constraint in your web.xml and restrict access to the success.jsp using a url-pattern.
This is how Tomcat *secures* access to the Tomcat manager webapp, http://localhost:8080/manager/html
can you please provide some sample code to show how to do it in filters..
How to store a value in session when user goes to login.jsp
and check for the value when user goes to success.jsp
So that user cant go directly to success.jsp
How to do it all in a Filter