creating sessions using Java (urgent...)

Posted on 2003-03-04
Last Modified: 2010-04-01
I have a servlet which checks the login and directs a user to the specified JSP page. The users are given links to other pages according to their login specification.

E.g. admin users can view almost all JSP pages
Senior users can view most of the JSP pages
Juniors are restricted to view a min. no. of pages

How can I create sessions to restrict users to viewing only their valid JSP pages and servlets? Can somebody please send me some sample code?

Part of the code for the Login servlet is displayed below.


if (rs.next())
{
    // Authenticated Administrator is directed to Admin.jsp
    if (user.toLowerCase().startsWith("admin"))
    {
        res.sendRedirect("/Admin.jsp");
    }
    else
    {
        String data = rs.getString("Allowupdate").trim().toLowerCase();

        // Authenticated Senior user is directed to Snruser.jsp
        if (data.equals("yes"))
        {
            res.sendRedirect("/Snruser.jsp");
        }
        // Authenticated Junior user is directed to Jnruser.jsp
        else if (data.equals("no"))
        {
            res.sendRedirect("/Jnruser.jsp");
        }
        // Error page !!!
        else
        {
            res.sendRedirect("/Logerr.jsp");
        }
    }
}
// Invalid login
else
{
    res.sendRedirect("/Logerr.jsp");
}


Rgds,
gkt_80.

Expert Comment

by:cheekycj
ID: 8066356
The ideal way would be to use realms and roles.

But I think for simplicity's sake you can just create a list of pages or URLs that a certain role can access. When a user logs in, create a session var that indicates their role. Your code that checks if the user is logged in should be modified to also check the role of the user.

CJ
Accepted Solution

by:
kennethxu earned 120 total points
ID: 8066573
How to set up web application security:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html

Your code will look like:

if (request.isUserInRole("admin")) {
  res.sendRedirect("/Admin.jsp");
} else if (request.isUserInRole("senior")) {
  res.sendRedirect("/Snruser.jsp");
} else if (request.isUserInRole("junior")) {
  res.sendRedirect("/Jnruser.jsp");
} else {
  // error
}
Expert Comment

by:Commodus2
ID: 8086995
You can add a session var of the user's status just before you redirect the user.

session.setAttribute("level","senior");
(senior can be one of the other levels)

You must check the session's "level" var on top of each page to see if the user has the rights to see the page.

Maybe this is not at all what you mean...
ah well.... it's a shot.

Commodus2
Author Comment

by:gkt_80
ID: 8239405
// This code continues from my previous comments.


I use the following code in the login servlet.

if (user.toLowerCase().startsWith("admin"))
{
     user = "ADMIN";
     ses.setAttribute("group",user);
     res.sendRedirect("/Admin.jsp");
}

Similarly I have created user groups Senior & Junior for the other 2 levels and direct them to the relevant pages.
I check the authentication on each page as follows. The following is displayed on a page accessed by the Admin.
E.g.

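<%

// getAttribute returns null when no group was stored, so do not call toString() on it.
Object level = request.getSession().getAttribute("group");

// Compare contents with equals(); == only compares object references.
if ("ADMIN".equals(level))
{
}
else
{
     response.sendRedirect("Error.jsp");
     return; // stop rendering the rest of the page after the redirect
}

%>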


When the user / admin log-off the following is in the logoff page.

<%

request.getSession().removeAttribute("group");
request.getSession().invalidate();

%>


But after logging off, when the 'Back' button is clicked the previous page is displayed. How can I prevent this and send the user to an error page?

Can somebody help.........(urgent !!!)

Rgds,
Gkt_80.
Expert Comment

by:kennethxu
ID: 8240815
When you click the back button on the browser, the browser simply displays whatever it got before, unless you expire every page:

<%
response.setHeader("Pragma", "No-cache");
response.setDateHeader("Expires", 0);
response.setHeader("Cache-Control", "no-cache");
%>
0
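
The per-page group check and the cache headers discussed in this thread, combined into one servlet filter so the check cannot be forgotten on an individual JSP. This is an added example, not code from any poster in the thread; it assumes the javax.servlet API, the session attribute "group" from gkt_80's comment with assumed values ADMIN, SENIOR and JUNIOR, constructed page lists, and a hypothetical class name and /Login.jsp page.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: one central check instead of a scriptlet at the top of every JSP.
public class GroupAccessFilter implements Filter {
    // Constructed allow-lists; page names follow the thread, group values are assumed.
    private static final Map<String, Set<String>> ALLOWED = new HashMap<>();
    // Pages reachable without a session; /Login.jsp is a hypothetical name.
    private static final Set<String> PUBLIC =
            new HashSet<>(Arrays.asList("/Login.jsp", "/Logerr.jsp", "/Error.jsp"));
    static {
        ALLOWED.put("ADMIN", new HashSet<>(Arrays.asList("/Admin.jsp", "/Snruser.jsp", "/Jnruser.jsp")));
        ALLOWED.put("SENIOR", new HashSet<>(Arrays.asList("/Snruser.jsp", "/Jnruser.jsp")));
        ALLOWED.put("JUNIOR", new HashSet<>(Arrays.asList("/Jnruser.jsp")));
    }

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getServletPath();
        if (PUBLIC.contains(path)) {
            chain.doFilter(req, res);
            return;
        }
        // Keep protected pages out of the browser cache, so Back after logoff
        // triggers a new request that reaches the check below.
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        res.setHeader("Pragma", "no-cache");
        res.setDateHeader("Expires", 0);

        // getSession(false) does not create a session for anonymous visitors.
        HttpSession session = req.getSession(false);
        Object group = (session == null) ? null : session.getAttribute("group");
        Set<String> pages = (group == null) ? null : ALLOWED.get(group);
        if (pages != null && pages.contains(path)) {
            chain.doFilter(req, res);
        } else {
            // Unknown group, missing session, or page outside the group's list: deny.
            res.sendRedirect(req.getContextPath() + "/Logerr.jsp");
        }
    }
}
```

Map the filter to `*.jsp` (and any protected servlet paths) in web.xml. On Jakarta EE 9 or later the same interfaces live in the `jakarta.servlet` packages.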
 
Expert Comment

by:girionis
ID: 10040916
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

- Points to kennethxu

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

girionis
EE Cleanup Volunteer