Prevent user from accesing a page, if not logged in.
Posted on 2002-07-16
I have a html page which does a POST to a servlet with userid and password. After the servlet authenticates the information against a db, I store the user object in the session.
HttpSession session = request.getSession(true);
Then I use
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("welcome.jsp");
to show the welcome page.
In the Welcome page,
<jsp:useBean id="user" class="com.sbali.mydb.objects.User" scope="session"/>
<TABLE BORDER=1 ALIGN="CENTER">
<TD><jsp:getProperty name="user" property="firstName"/>
I display the user info.
The problem is, how do I prevent the user from accessing welcome.jsp directly. If I hit it directly, the server instantiates the bean and now I have a User object with no property set.
I could write a scriptlet, but then I have to put the code to show the properties using out.println() instead of using xml syntax. I want to try and keep the presentation layer separate from the logic.
I am new to JSP, so I am most probably not doing things the right way.