Solved

Prevent user from accesing a page, if not logged in.

Posted on 2002-07-16
2
153 Views
Last Modified: 2010-04-01

I have a html page which does a POST to a servlet with userid and password. After the servlet authenticates the information against a db, I store the user object in the session.

HttpSession session = request.getSession(true);
session.setAttribute("user", globalUser);

Then I use

RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("welcome.jsp");
dispatcher.forward(request,response);

to show the welcome page.

In the Welcome page,

<jsp:useBean id="user" class="com.sbali.mydb.objects.User" scope="session"/>

<TABLE BORDER=1 ALIGN="CENTER">
<TR><TD>First Name</TD>
<TD><jsp:getProperty name="user" property="firstName"/>
</TD></TR>

I display the user info.

The problem is, how do I prevent the user from accessing  welcome.jsp directly. If I hit it directly, the server instantiates the bean and now I have a User object with no property set.

I could write a scriptlet, but then I have to put the code to show the properties using out.println() instead of using xml syntax. I want to try and keep the presentation layer separate from the logic.

I am new to JSP, so I am most probably not doing things the right way.

TIA
S Bali



0
Comment
Question by:SKBali
2 Comments
 
LVL 49

Accepted Solution

by:
Ryan Chong earned 50 total points
ID: 7158818
Try:

if (session.getAttribute("user")!=null) {
  //valid login user
}
else {
  //invalid login user
}
0
 
LVL 18

Expert Comment

by:bobbit31
ID: 7185411
typically, i hide all my jsps in the WEB-INF/jsp and disallow any outside access to that directory. Therefore the only way to get at it is to go through the servlet first.

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now