secure my web page

[nobr]try the following.. its up to you if you want to use it:

index.jsp

<%@ page contentType="text/html;charset=windows-1252"%>

<%

String error = request.getParameter("error")!=null?request.getParameter("error"):"";

%>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<title>untitled</title>

</head>

<body>

<form action="success.jsp" method="POST">

<table cellspacing="0" cellpadding="2" border="0" width="400">

<%if(error.equals("1")){%>

<tr>

<td colspan="2">

<font color="red"> You are not logged. Loggin First</font>

</td>

</tr>

<%}%>

<tr>

<td>Username</td>

<td>

<input type="text" name="username"/>

</td>

</tr>

<tr>

<td>Password</td>

<td><input type="password" name="password"/></td>

</tr>

<tr>

<td colspan="2">

<input type="submit" value="Submit"/>

</td>

</tr>

<tr>

<td colspan="2">

<a href="mainpage.jsp">To Main Page</a>

</td>

</tr>

</table>

</form>

</body>

</html>

success.jsp

<%@ page contentType="text/html;charset=windows-1252"%>

<%

String username = request.getParameter("username")!=null?request.getParameter("username"):"";

String password = request.getParameter("password")!=null?request.getParameter("password"):"";

%>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<title>untitled</title>

</head>

<body>

<%if(username.equals("gani") && password.equals("gani")){

session.setAttribute("username",username);

%>

<a href="mainpage.jsp">Main Page</a>

<%}else{%>

<font color="red">Sorry invalid login!</font><br/>

<a href="index.jsp">Login</a>

<%}%>

</body>

</html>

mainpage.jsp

<%@ page contentType="text/html;charset=windows-1252"%>

<%

String username = session.getAttribute("username")!=null?(String)session.getAttribute("username"):"";

if(username.equals("")){

response.sendRedirect("index.jsp?error=1");

}

%>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<title>untitled</title>

</head>

<body>

<h2>Welcome <%=username%>!</h2>

<a href="logout.jsp">Logout</a>

</body>

</html>

logout.jsp:

<%@ page contentType="text/html;charset=windows-1252"%>

<%

session.invalidate();

response.sendRedirect("index.jsp");

%>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<title>untitled</title>

</head>

<body>

</body>

</html>

username is gani and password is gani also.. hardcoded..heheh[/nobr]

jgalacambraa at 2007-7-14 17:04:02 >

as you can see in the success.jsp this line:

session.setAttribute("username",username);

sets the value of username to a session variable also name username.. now clicking the link "main page" will go to mainpage.jsp.. in the mainpage.jsp, there is some checking username if it is "".. i put the:

String username = session.getAttribute("username")!=null?(String)session.getAttribute("username"):"";

os that it varible username will still have the value of "" if it is null to avoid exceptions.. now if the value username is "" it will then be redirected to index.jsp which is the login page.. the link on the mainpage.jsp (logout) will be the one that sets the session variables to null using the session.invalidate()

method.. so if you click logout on the mainpage.jsp, it will redirect to index.jsp and the value of the session variable named username will become null.. hope you understand my english :)

jgalacambraa at 2007-7-14 17:04:02 >

<%

String username = session.getAttribute("Empname")!=null?(String)session.getAttribute("Empname"):"";

if(username.equals(""))

{

response.sendRedirect("/proj/frame.jsp");

}

%>

when ever u retrive session values in ur web pages make sure the attribute name is the same.....

i secured my web page in this way ... thank u every body

gania at 2007-7-21 9:01:57 >