Solved

Setting and getting values from one servlet to another....

Posted on 2004-08-08
6
323 Views
Last Modified: 2013-11-24
Hi,

I would like to achieve an ability to restict the user to access certain pages withing my application by simply typing their urls in the browser. Here is what I have:

JSP A and Servlet A
JSP B and Servlet B
JSP C.

I want to set a variable String key="some sequence of characters" within servlet B from servlet A or JSP C. If the user will access JSP B it will check if the key is set in servlet B by calling getKey() method. If it is set then it will allow user to see the content of the page otherwise it will display an error message. Also, upon verification of the key it should set it back to null or "".  This way if the user will try to access JSP B he will fail. The only way for him to access JSP B would be by redirecting from servlet A or JSP C.

Please help with concreate examples! Thank you in advance!

Gene.
0
Comment
Question by:brige03
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 35

Accepted Solution

by:
girionis earned 400 total points
ID: 11750378
Why do you want to do it programamtically? All server provide a way to restrict access to certain pages by means of the web.xml file. You can define roles and what role can access what page, for example the following restricts access to pages, user1.htm, user2.htm and user3.htm:

<security-constraint>
            <web-resource-collection>
                  <web-resource-name>Moderator</web-resource-name>
                  <description>We restrict access to all resources within the /MyWebApp/jsp/documents/moderatorscreen web resources</description>
                  <!--<url-pattern>/MyWebApp/jsp/documents/moderatorscreen/*</url-pattern>-->
                  <url-pattern>user1.htm</url-pattern>
                  <url-pattern>user2.htm</url-pattern>
                  <url-pattern>user3.htm</url-pattern>
                  <http-method>POST</http-method>
                  <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                  <description>Only let the moderator login</description>
                  <role-name>ModeratorRole</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <description>SSL not required</description>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>

If you still want to do it programmatically I suggest you use a session variable. For example in ServletA or JSPC you can do something like:

String key = "dfgdfgdfgkdh1212jh121298dsfh"
session = request.getSession();
session.setAttribute("secretKey", key);

In ServletB or JSP B check to see if the key exists:

session = request.getSession();
String key = (String) session.getAttribute("secretKey");
if (key != null && key.equals("dfgdfgdfgkdh1212jh121298dsfh"))
{
    // user came from the pages we wanted
}
else
{
   // user didn't come from the pages we wanted, redirect user to somewhere else.
}
0
 

Author Comment

by:brige03
ID: 11754105
I will give it a try sometime today and will come back with a feedback.

Can I do something like this in servlet context? If yes, what some of the advantages or disadvantages using one method over the other?

I am also want to use ramdom function generator for the key value. So how can I validate the key then? And where? Please advise...

The first portion of the answer will not be applicable since all my users will use one role. Thank you!

Gene.

0
 
LVL 15

Expert Comment

by:JakobA
ID: 11756874
You cannot do it through shared variables in servlets only. Remember there may be 100 users viewing your pages at the same time. and each of them can have a different type of access. That is not possible if they read their accessprivilidges from a shared variable.

With the session approach suggested by girionis, an additional persistent object is generated for each user, and variables in that object can then be acessd by any servlet that user activate.

regards JakobA
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 

Author Comment

by:brige03
ID: 11757043
You are right! It makes sense...

So then I will set the attribute and get it from the session.
Also, I probably will set it to null right after I verified it and got a positive answer:

 session = request.getSession();
String key = (String) session.getAttribute("secretKey");
if (key != null && key.equals("dfgdfgdfgkdh1212jh121298dsfh"))
{
    // user came from the pages we wanted
session.setAttribute("secretKey",null);
break;
}
else
{
   // user didn't come from the pages we wanted, redirect user to somewhere else.
}

Thanks guys!
0
 
LVL 35

Expert Comment

by:girionis
ID: 11759933
Thank you for accepting :)
0
 

Expert Comment

by:Udaya_Sankar_Das
ID: 22774124
JSP
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

INTRODUCTION Working with files is a moderately common task in Java.  For most projects hard coding the file names, using parameters in configuration files, or using command-line arguments is sufficient.   However, when your application has vi…
I had a project requirement for a displaying a user workbench .This workbench would consist multiple data grids .In each grid the user will be able to see a large number of data. These data grids should allow the user to 1. Sort 2. Export the …
Video by: Michael
Viewers learn about how to reduce the potential repetitiveness of coding in main by developing methods to perform specific tasks for their program. Additionally, objects are introduced for the purpose of learning how to call methods in Java. Define …
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question