Prevent user from accesing a page, if not logged in.


I have a html page which does a POST to a servlet with userid and password. After the servlet authenticates the information against a db, I store the user object in the session.

HttpSession session = request.getSession(true);
session.setAttribute("user", globalUser);

Then I use

RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("welcome.jsp");
dispatcher.forward(request,response);

to show the welcome page.

In the Welcome page,

<jsp:useBean id="user" class="com.sbali.mydb.objects.User" scope="session"/>

<TABLE BORDER=1 ALIGN="CENTER">
<TR><TD>First Name</TD>
<TD><jsp:getProperty name="user" property="firstName"/>
</TD></TR>

I display the user info.

The problem is, how do I prevent the user from accessing  welcome.jsp directly. If I hit it directly, the server instantiates the bean and now I have a User object with no property set.

I could write a scriptlet, but then I have to put the code to show the properties using out.println() instead of using xml syntax. I want to try and keep the presentation layer separate from the logic.

I am new to JSP, so I am most probably not doing things the right way.

TIA
S Bali



SKBaliAsked:
Who is Participating?
 
Ryan ChongConnect With a Mentor Commented:
Try:

if (session.getAttribute("user")!=null) {
  //valid login user
}
else {
  //invalid login user
}
0
 
bobbit31Commented:
typically, i hide all my jsps in the WEB-INF/jsp and disallow any outside access to that directory. Therefore the only way to get at it is to go through the servlet first.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.