JSP security


  1. JSP security (2 messages)


    How can I secure the JSPs from unauthorized users? What I mean is, I am able to access the JSPs that are in my web applications through a URL. Is there any way to restrict the access? I want to access the JSP only through my web application.

    Any kind of help is appreciated.


    Threaded Messages (2)

  2. Re: JSP security

    The solution depends upon the application server you are using.
    If you are using WAS, turn on Global Security and in your web.xml
    mention the security roles which can access the resource.

  3. Re: JSP security

    There are some generic ways which are application server/vendor independent. For example, you can make use of a "filter" in this case.

    When the user logs in to the application, you can store a variable in your session or you can make use of a cookie. Then you can code a class to retrieve and verify this session variable, and if the verification fails, forward the user to a login page or something like that.

    Then you include this class in the filter tag in web.xml. In this case, the filter class would intercept all the HttpRequest and verify the session content or cookie content (depending on which method you have selected). This would prevent unauthorized users from accessing the JSP pages.
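
The filter approach described in the last reply, as an added example that is not part of the original posts: a servlet filter that lets a request for a JSP through only when the session carries a login marker. The package, class name, session attribute name and login page path are assumptions, and the imports use the `javax.servlet` namespace (newer Jakarta EE containers use `jakarta.servlet`).

```java
package com.example.web; // assumed package name

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/*
 * web.xml registration (filter name and class are assumptions):
 *   <filter>
 *     <filter-name>loginFilter</filter-name>
 *     <filter-class>com.example.web.LoginFilter</filter-class>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>loginFilter</filter-name>
 *     <url-pattern>*.jsp</url-pattern>
 *   </filter-mapping>
 */
public class LoginFilter implements Filter {
    // Assumed names: the login code stores SESSION_KEY in the session on success.
    static final String SESSION_KEY = "authenticatedUser";
    static final String LOGIN_PAGE = "/login.jsp";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session for an anonymous request.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(SESSION_KEY) != null;
        // The login page itself must stay reachable, or the redirect would loop.
        boolean isLoginPage = LOGIN_PAGE.equals(request.getServletPath());

        if (loggedIn || isLoginPage) {
            chain.doFilter(req, res);   // authenticated: continue to the JSP
        } else {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        }
    }
}
```

The session attribute lives on the server, so the client cannot set it directly. If the cookie variant is used instead, the cookie value is client-supplied and has to be verified on the server rather than trusted for its mere presence.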