Solved

Setting and getting values from one servlet to another....

Posted on 2004-08-08
6
318 Views
Last Modified: 2013-11-24
Hi,

I would like to achieve an ability to restict the user to access certain pages withing my application by simply typing their urls in the browser. Here is what I have:

JSP A and Servlet A
JSP B and Servlet B
JSP C.

I want to set a variable String key="some sequence of characters" within servlet B from servlet A or JSP C. If the user will access JSP B it will check if the key is set in servlet B by calling getKey() method. If it is set then it will allow user to see the content of the page otherwise it will display an error message. Also, upon verification of the key it should set it back to null or "".  This way if the user will try to access JSP B he will fail. The only way for him to access JSP B would be by redirecting from servlet A or JSP C.

Please help with concreate examples! Thank you in advance!

Gene.
0
Comment
Question by:brige03
6 Comments
 
LVL 35

Accepted Solution

by:
girionis earned 400 total points
ID: 11750378
Why do you want to do it programamtically? All server provide a way to restrict access to certain pages by means of the web.xml file. You can define roles and what role can access what page, for example the following restricts access to pages, user1.htm, user2.htm and user3.htm:

<security-constraint>
            <web-resource-collection>
                  <web-resource-name>Moderator</web-resource-name>
                  <description>We restrict access to all resources within the /MyWebApp/jsp/documents/moderatorscreen web resources</description>
                  <!--<url-pattern>/MyWebApp/jsp/documents/moderatorscreen/*</url-pattern>-->
                  <url-pattern>user1.htm</url-pattern>
                  <url-pattern>user2.htm</url-pattern>
                  <url-pattern>user3.htm</url-pattern>
                  <http-method>POST</http-method>
                  <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                  <description>Only let the moderator login</description>
                  <role-name>ModeratorRole</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <description>SSL not required</description>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>

If you still want to do it programmatically I suggest you use a session variable. For example in ServletA or JSPC you can do something like:

String key = "dfgdfgdfgkdh1212jh121298dsfh"
session = request.getSession();
session.setAttribute("secretKey", key);

In ServletB or JSP B check to see if the key exists:

session = request.getSession();
String key = (String) session.getAttribute("secretKey");
if (key != null && key.equals("dfgdfgdfgkdh1212jh121298dsfh"))
{
    // user came from the pages we wanted
}
else
{
   // user didn't come from the pages we wanted, redirect user to somewhere else.
}
0
 

Author Comment

by:brige03
ID: 11754105
I will give it a try sometime today and will come back with a feedback.

Can I do something like this in servlet context? If yes, what some of the advantages or disadvantages using one method over the other?

I am also want to use ramdom function generator for the key value. So how can I validate the key then? And where? Please advise...

The first portion of the answer will not be applicable since all my users will use one role. Thank you!

Gene.

0
 
LVL 15

Expert Comment

by:JakobA
ID: 11756874
You cannot do it through shared variables in servlets only. Remember there may be 100 users viewing your pages at the same time. and each of them can have a different type of access. That is not possible if they read their accessprivilidges from a shared variable.

With the session approach suggested by girionis, an additional persistent object is generated for each user, and variables in that object can then be acessd by any servlet that user activate.

regards JakobA
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:brige03
ID: 11757043
You are right! It makes sense...

So then I will set the attribute and get it from the session.
Also, I probably will set it to null right after I verified it and got a positive answer:

 session = request.getSession();
String key = (String) session.getAttribute("secretKey");
if (key != null && key.equals("dfgdfgdfgkdh1212jh121298dsfh"))
{
    // user came from the pages we wanted
session.setAttribute("secretKey",null);
break;
}
else
{
   // user didn't come from the pages we wanted, redirect user to somewhere else.
}

Thanks guys!
0
 
LVL 35

Expert Comment

by:girionis
ID: 11759933
Thank you for accepting :)
0
 

Expert Comment

by:Udaya_Sankar_Das
ID: 22774124
JSP
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
sumHeights2  challenge 7 76
countHi challenge 25 84
JDeveloper 12c for 32 bit 4 34
github account with ecipse 1 17
Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Viewers learn about the third conditional statement “else if” and use it in an example program. Then additional information about conditional statements is provided, covering the topic thoroughly. Viewers learn about the third conditional statement …
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now