Solved

Prevent user from accesing a page, if not logged in.

Posted on 2002-07-16
2
157 Views
Last Modified: 2010-04-01

I have a html page which does a POST to a servlet with userid and password. After the servlet authenticates the information against a db, I store the user object in the session.

HttpSession session = request.getSession(true);
session.setAttribute("user", globalUser);

Then I use

RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("welcome.jsp");
dispatcher.forward(request,response);

to show the welcome page.

In the Welcome page,

<jsp:useBean id="user" class="com.sbali.mydb.objects.User" scope="session"/>

<TABLE BORDER=1 ALIGN="CENTER">
<TR><TD>First Name</TD>
<TD><jsp:getProperty name="user" property="firstName"/>
</TD></TR>

I display the user info.

The problem is, how do I prevent the user from accessing  welcome.jsp directly. If I hit it directly, the server instantiates the bean and now I have a User object with no property set.

I could write a scriptlet, but then I have to put the code to show the properties using out.println() instead of using xml syntax. I want to try and keep the presentation layer separate from the logic.

I am new to JSP, so I am most probably not doing things the right way.

TIA
S Bali



0
Comment
Question by:SKBali
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 52

Accepted Solution

by:
Ryan Chong earned 50 total points
ID: 7158818
Try:

if (session.getAttribute("user")!=null) {
  //valid login user
}
else {
  //invalid login user
}
0
 
LVL 18

Expert Comment

by:bobbit31
ID: 7185411
typically, i hide all my jsps in the WEB-INF/jsp and disallow any outside access to that directory. Therefore the only way to get at it is to go through the servlet first.

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
report generation frameworks 1 73
servlet init param and contect param 3 72
eclipse luna javeEE perspecive missing 5 122
Java Script nested call 3 90
The goal of this blog is: - To define the incident management process - To go over the key elements of an incident management system - To look into incident alert management tools that integrate with ConnectWise.
By reading this blog, MSPs will gain insight into how to improve communications with their clients as well as establish a more profitable business.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question