Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Restrict user to access action

 
N Kumar
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I have a problem,I am developing an application, where multiple groups(Administrator,supervisor,inspector...) are there.And they have some restricted access only.
Now the problem is if the user login from supervisor user id and if he has the url for administrator then he can access the page.
I am checking the user in session the problem is the supervisor has login with userid and password and after that he is putting the url where he donot have access.
Can anybody suggest how to control it?
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34839
369
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Every action should be responsible for it's own security check that the user has the correct role. Then typing in the URL isn't enough to access a page.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic