Solved

Setting and getting values from one servlet to another....

Posted on 2004-08-08
6
321 Views
Last Modified: 2013-11-24
Hi,

I would like to achieve an ability to restict the user to access certain pages withing my application by simply typing their urls in the browser. Here is what I have:

JSP A and Servlet A
JSP B and Servlet B
JSP C.

I want to set a variable String key="some sequence of characters" within servlet B from servlet A or JSP C. If the user will access JSP B it will check if the key is set in servlet B by calling getKey() method. If it is set then it will allow user to see the content of the page otherwise it will display an error message. Also, upon verification of the key it should set it back to null or "".  This way if the user will try to access JSP B he will fail. The only way for him to access JSP B would be by redirecting from servlet A or JSP C.

Please help with concreate examples! Thank you in advance!

Gene.
0
Comment
Question by:brige03
6 Comments
 
LVL 35

Accepted Solution

by:
girionis earned 400 total points
ID: 11750378
Why do you want to do it programamtically? All server provide a way to restrict access to certain pages by means of the web.xml file. You can define roles and what role can access what page, for example the following restricts access to pages, user1.htm, user2.htm and user3.htm:

<security-constraint>
            <web-resource-collection>
                  <web-resource-name>Moderator</web-resource-name>
                  <description>We restrict access to all resources within the /MyWebApp/jsp/documents/moderatorscreen web resources</description>
                  <!--<url-pattern>/MyWebApp/jsp/documents/moderatorscreen/*</url-pattern>-->
                  <url-pattern>user1.htm</url-pattern>
                  <url-pattern>user2.htm</url-pattern>
                  <url-pattern>user3.htm</url-pattern>
                  <http-method>POST</http-method>
                  <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                  <description>Only let the moderator login</description>
                  <role-name>ModeratorRole</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <description>SSL not required</description>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>

If you still want to do it programmatically I suggest you use a session variable. For example in ServletA or JSPC you can do something like:

String key = "dfgdfgdfgkdh1212jh121298dsfh"
session = request.getSession();
session.setAttribute("secretKey", key);

In ServletB or JSP B check to see if the key exists:

session = request.getSession();
String key = (String) session.getAttribute("secretKey");
if (key != null && key.equals("dfgdfgdfgkdh1212jh121298dsfh"))
{
    // user came from the pages we wanted
}
else
{
   // user didn't come from the pages we wanted, redirect user to somewhere else.
}
0
 

Author Comment

by:brige03
ID: 11754105
I will give it a try sometime today and will come back with a feedback.

Can I do something like this in servlet context? If yes, what some of the advantages or disadvantages using one method over the other?

I am also want to use ramdom function generator for the key value. So how can I validate the key then? And where? Please advise...

The first portion of the answer will not be applicable since all my users will use one role. Thank you!

Gene.

0
 
LVL 15

Expert Comment

by:JakobA
ID: 11756874
You cannot do it through shared variables in servlets only. Remember there may be 100 users viewing your pages at the same time. and each of them can have a different type of access. That is not possible if they read their accessprivilidges from a shared variable.

With the session approach suggested by girionis, an additional persistent object is generated for each user, and variables in that object can then be acessd by any servlet that user activate.

regards JakobA
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 

Author Comment

by:brige03
ID: 11757043
You are right! It makes sense...

So then I will set the attribute and get it from the session.
Also, I probably will set it to null right after I verified it and got a positive answer:

 session = request.getSession();
String key = (String) session.getAttribute("secretKey");
if (key != null && key.equals("dfgdfgdfgkdh1212jh121298dsfh"))
{
    // user came from the pages we wanted
session.setAttribute("secretKey",null);
break;
}
else
{
   // user didn't come from the pages we wanted, redirect user to somewhere else.
}

Thanks guys!
0
 
LVL 35

Expert Comment

by:girionis
ID: 11759933
Thank you for accepting :)
0
 

Expert Comment

by:Udaya_Sankar_Das
ID: 22774124
JSP
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
JUnit 4 @Before and @BeforeClass differences 3 59
egit plugin on eclipse 8 63
throw exception 21 44
Is Applet the way to go for my drag and drop system? 8 13
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question