gkt_80

creating sessions using Java (urgent...)

I have a servlet which checks the login and directs a user to the specified JSP page. The users are given links to other pages according to their login specification.

E.g admin users can view almost all JSP pages
Senior users can view most of the JSP pages
Juniors are restricted to view a min. no of pages

How can I create sessions to restrict users only to view their valid JSP pages, Servlets. Can somebody pls. send me a sample code ???

Part of the code for the Login servlet is displayed below.


if(rs.next())
{
    // Authenticated Administrator is directed to Admin.jsp

    if (user.toLowerCase().startsWith("admin"))
    {
        res.sendRedirect("/Admin.jsp");
    }
    else
    {
        String data = rs.getString("Allowupdate").trim().toLowerCase();

        // Authenticated Senior user is directed to Snruser.jsp

        if (data.equals("yes"))
        {
            res.sendRedirect("/Snruser.jsp");
        }

        // Authenticated Junior user is directed to Jnruser.jsp

        else if (data.equals("no"))
        {
            res.sendRedirect("/Jnruser.jsp");
        }

        // Error page !!!

        else
        {
            res.sendRedirect("/Logerr.jsp");
        }
    }
}

// Invalid login

else
{
    res.sendRedirect("/Logerr.jsp");
}


Rgds,
gkt_80.

cheekycj

The ideal way would be to use realms and roles.

But I think for simplicity's sake you can just create a list of pages or URLs that a certain role can access. When a user logs in, create a session var that indicates their role. Your code that checks if the user is logged in should be modified to also check the role of the user.

CJ
ASKER CERTIFIED SOLUTION
kennethxu

This solution is only available to members.

You can add a session var of the user's status just before you redirect the user.

session.setAttribute("level", "senior");
(senior can be one of the other levels)

You must check the session's "level" var on top of each page to see if the user has the rights to see the page.

Maybe this is not at all what you mean...
ah well.... it's a shot.

Commodus2
gkt_80

ASKER

// This code continues from my previous comments.


I use the following code in the login servlet.

if (user.toLowerCase().startsWith("admin"))
{
     user = "ADMIN";
     ses.setAttribute("group",user);
     res.sendRedirect("/Admin.jsp");
}

Similarly I have created user groups Senior & Junior for the other 2 levels and direct them to the relevant pages.
I check the authentication on each page as follows. The following is displayed on a page accessed by the Admin.
E.g.

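<%
// getAttribute() returns null when nobody is logged in, so do not call toString() on it
Object level = request.getSession().getAttribute("group");

// Compare string contents with equals(); == only compares object references
if (!"ADMIN".equals(level))
{
     response.sendRedirect("Error.jsp");
     return; // stop rendering the rest of the page after the redirect
}
%>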


When the user / admin logs off, the following is in the logoff page.

<%

request.getSession().removeAttribute("group");
request.getSession().invalidate();

%>


But after logging off, when the 'Back' button is clicked the previous page is displayed. How can I prevent this and send the user to an error page?

Can somebody help.........(urgent !!!)

Rgds,
Gkt_80.
When you click the back button on the browser, the browser simply displays whatever it got before, unless you expire every page:

<%
response.setHeader("Pragma", "No-cache");
response.setDateHeader("Expires", 0);
response.setHeader("Cache-Control", "no-cache");
%>
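
The role check and the cache headers discussed in this thread can live in one servlet filter instead of a scriptlet at the top of every page. The following is an added example, not code posted by any participant; the class name `RoleFilter`, the `SENIOR` and `JUNIOR` group values and the page-to-group mapping are assumptions, and it uses the `javax.servlet` API (newer containers use `jakarta.servlet`).

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: one filter replaces the per-page scriptlet checks.
public class RoleFilter implements Filter {

    // Assumed mapping of pages (names from the thread) to the groups allowed to view them.
    private final Map<String, Set<String>> allowed = new HashMap<>();

    @Override
    public void init(FilterConfig cfg) {
        allowed.put("/Admin.jsp",   new HashSet<>(Arrays.asList("ADMIN")));
        allowed.put("/Snruser.jsp", new HashSet<>(Arrays.asList("ADMIN", "SENIOR")));
        allowed.put("/Jnruser.jsp", new HashSet<>(Arrays.asList("ADMIN", "SENIOR", "JUNIOR")));
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        Set<String> groups = allowed.get(req.getServletPath());
        if (groups == null) {            // not in the map: login form, error page, etc.
            chain.doFilter(rq, rs);
            return;
        }

        // Forbid cached copies, so Back after logout triggers a fresh request.
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        res.setHeader("Pragma", "no-cache");
        res.setDateHeader("Expires", 0);

        HttpSession ses = req.getSession(false);   // false: never create a session here
        Object group = (ses == null) ? null : ses.getAttribute("group");
        if (group == null || !groups.contains(group)) {
            res.sendRedirect(req.getContextPath() + "/Logerr.jsp");
            return;                                 // do not run the protected page
        }
        chain.doFilter(rq, rs);
    }

    @Override
    public void destroy() { }
}
```

Paths missing from the map pass through unchecked, so every protected page and servlet has to be listed, or the lookup inverted to deny by default. Because the fresh request after logout finds no session, the filter redirects it to the error page.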
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

- Points to kennethxu

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

girionis
EE Cleanup Volunteer