Hi,
How can i secure the JSPs from a unauthorized users?. What i mean is, I am able to access the JSPs that are in my web applications through a URL. Is there any way to restrict the access?. I want to access the JSP only through my web application.
Any kind of help id appreciated.
Thanks,
Sreedhar
-
JSP security (2 messages)
- Posted by: Rathikindi Sreedhar
- Posted on: February 09 2004 23:13 EST
Threaded Messages (2)
- Re:JSP security by Badrish Agarwal on February 10 2004 06:25 EST
- Re:JSP security by Alan Choy on February 10 2004 10:10 EST
-
Re:JSP security[ Go to top ]
- Posted by: Badrish Agarwal
- Posted on: February 10 2004 06:25 EST
- in response to Rathikindi Sreedhar
Solution depends upon Application Server you are using.
If you are using WAS, turn on Global Security and in your web.xml
mention security roles which can access the resource.
Thanks,
Badrish -
Re:JSP security[ Go to top ]
- Posted by: Alan Choy
- Posted on: February 10 2004 10:10 EST
- in response to Badrish Agarwal
There are some generic ways which are application server/vendor independent. For example, you can make use of "filter" in this case.
When the user login to the application, you can stores a variable in your session or you can make use of cookie. Then you can code a class to retrieve and verify this session variable, and if the verification results failed, forwards the user to an login page or something like that.
Then you include this class into the filter tag in web.xml. In this case, the filter class would intercept all the HttpRequest and verify the session content or cookie content (depends on what method you have selected). This would prevent unauthorized user to access the jsp pages.