how to block a jsp page
(i want is ,when I click the links to redirect each pages I want to block some specific pages for specific users)
I create an java script function to retrieve the jsp pages of each users(pages that user can access).But I have no idea to block other pages for the same user)
You do realise that someone can simply open their browser's debugging tools and change that 'none' to 'block' and get access to that link with almost no effort?
That is why security sits on the server.
posted 1 year ago
found a solution
No, you didn't. By merely hiding the link you're implementing "security by obscurity", which is not secure at all. Especially as an attacker will see what is hidden, and how it's hidden, in the page source. You also need to implement proper access control on the server, otherwise this scheme can be easily hacked.
Stuff like this is why I maintain that over 95% of the "Do-it-Yourself" web application security systems out there are no more secure than wet tissue paper.
Being Clever isn't enough. Security is hard and unless you are a trained security professional, you really shouldn't even try to invent your own security system. Nor should the resident genius at the place where you work.
The J2EE/JEE spec defines a security framework that has an excellent security record, and it's simple to use - it mostly enforces security from the outside in, preventing attackers from gaining access to application code even before they can attempt to exploit it and it blocks attacks from all sources and directions.
An IDE is no substitute for an Intelligent Developer.