Solved

Setting and getting values from one servlet to another....

Posted on 2004-08-08
6
320 Views
Last Modified: 2013-11-24
Hi,

I would like to achieve an ability to restict the user to access certain pages withing my application by simply typing their urls in the browser. Here is what I have:

JSP A and Servlet A
JSP B and Servlet B
JSP C.

I want to set a variable String key="some sequence of characters" within servlet B from servlet A or JSP C. If the user will access JSP B it will check if the key is set in servlet B by calling getKey() method. If it is set then it will allow user to see the content of the page otherwise it will display an error message. Also, upon verification of the key it should set it back to null or "".  This way if the user will try to access JSP B he will fail. The only way for him to access JSP B would be by redirecting from servlet A or JSP C.

Please help with concreate examples! Thank you in advance!

Gene.
0
Comment
Question by:brige03
6 Comments
 
LVL 35

Accepted Solution

by:
girionis earned 400 total points
ID: 11750378
Why do you want to do it programamtically? All server provide a way to restrict access to certain pages by means of the web.xml file. You can define roles and what role can access what page, for example the following restricts access to pages, user1.htm, user2.htm and user3.htm:

<security-constraint>
            <web-resource-collection>
                  <web-resource-name>Moderator</web-resource-name>
                  <description>We restrict access to all resources within the /MyWebApp/jsp/documents/moderatorscreen web resources</description>
                  <!--<url-pattern>/MyWebApp/jsp/documents/moderatorscreen/*</url-pattern>-->
                  <url-pattern>user1.htm</url-pattern>
                  <url-pattern>user2.htm</url-pattern>
                  <url-pattern>user3.htm</url-pattern>
                  <http-method>POST</http-method>
                  <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                  <description>Only let the moderator login</description>
                  <role-name>ModeratorRole</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <description>SSL not required</description>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>

If you still want to do it programmatically I suggest you use a session variable. For example in ServletA or JSPC you can do something like:

String key = "dfgdfgdfgkdh1212jh121298dsfh"
session = request.getSession();
session.setAttribute("secretKey", key);

In ServletB or JSP B check to see if the key exists:

session = request.getSession();
String key = (String) session.getAttribute("secretKey");
if (key != null && key.equals("dfgdfgdfgkdh1212jh121298dsfh"))
{
    // user came from the pages we wanted
}
else
{
   // user didn't come from the pages we wanted, redirect user to somewhere else.
}
0
 

Author Comment

by:brige03
ID: 11754105
I will give it a try sometime today and will come back with a feedback.

Can I do something like this in servlet context? If yes, what some of the advantages or disadvantages using one method over the other?

I am also want to use ramdom function generator for the key value. So how can I validate the key then? And where? Please advise...

The first portion of the answer will not be applicable since all my users will use one role. Thank you!

Gene.

0
 
LVL 15

Expert Comment

by:JakobA
ID: 11756874
You cannot do it through shared variables in servlets only. Remember there may be 100 users viewing your pages at the same time. and each of them can have a different type of access. That is not possible if they read their accessprivilidges from a shared variable.

With the session approach suggested by girionis, an additional persistent object is generated for each user, and variables in that object can then be acessd by any servlet that user activate.

regards JakobA
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:brige03
ID: 11757043
You are right! It makes sense...

So then I will set the attribute and get it from the session.
Also, I probably will set it to null right after I verified it and got a positive answer:

 session = request.getSession();
String key = (String) session.getAttribute("secretKey");
if (key != null && key.equals("dfgdfgdfgkdh1212jh121298dsfh"))
{
    // user came from the pages we wanted
session.setAttribute("secretKey",null);
break;
}
else
{
   // user didn't come from the pages we wanted, redirect user to somewhere else.
}

Thanks guys!
0
 
LVL 35

Expert Comment

by:girionis
ID: 11759933
Thank you for accepting :)
0
 

Expert Comment

by:Udaya_Sankar_Das
ID: 22774124
JSP
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Systems talking to each other 5 126
Error with Java/Cache JDBC Classpath 2 31
Error trying to install RTMT Win7 5 41
map related example 6 36
Are you developing a Java application and want to create Excel Spreadsheets? You have come to the right place, this article will describe how you can create Excel Spreadsheets from a Java Application. For the purposes of this article, I will be u…
Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Viewers learn about the “while” loop and how to utilize it correctly in Java. Additionally, viewers begin exploring how to include conditional statements within a while loop and avoid an endless loop. Define While Loop: Basic Example: Explanatio…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now