securing JSP pages

Hi,

I want that nobody can bypass the login page of my application, i.e. it should not be possible to access the internal JSP pages just by typing the URL (once you know it by any means). To access them you have to log in to the application.

I am using JBoss server for this application. When I am using the following code in my deployment descriptor, then none of the pages is accessible:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>no_access</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>

Also, please tell me how we can define the roles (specific to different users).

Any response/clue will be appreciated.

thanks.

[854 byte] By [Prashant001a] at [2007-10-2 18:49:01]
# 1
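I think you can use the session for this:
<%-- compare by value: != on strings compares object references --%>
<% if (!"1".equals(session.getAttribute("logged"))) { %>
    <jsp:forward page="index.jsp"/>
<% } %>
Hope this will help.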
aleensa at 2007-7-13 20:11:46 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
# 2
Thanks for the reply. It worked. Although, if you know some better ideas then do share them, because I have to repeat this code in every JSP page. Thanks again.
Prashant001a at 2007-7-13 20:11:46
# 3
MVC pattern. Using it you route all calls through the same controller so you can put the security checks in that one controller as well.
gimbal2a at 2007-7-13 20:11:46
# 4
response.sendRedirect("nextpage.jsp");
Write the above line at the end of your logic. In the second page from your login page, flow will redirect to first page to third.
ineedhelp@suna at 2007-7-13 20:11:46
# 5
If you can convert that page into a servlet, then through web.xml (Tomcat) you can change <url -mapping> for showing a different query string.
ineedhelp@suna at 2007-7-13 20:11:46
# 6
You write one file with all the session code, then in every page just include that page:
<%@ include file="/ses.jsp" %>
In that way you can have control of the session at one point, so you can add and delete attributes to the session from one place.
Innovaa at 2007-7-13 20:11:46
# 7
use filters...
Rahul.Guptaa at 2007-7-13 20:11:46