Restrict pages direct URL access

'llo xprts,

I have a site that uses forms and validates fields and redirects to another pages etc, but I need to know how to keep any user from access a page directly with the URL and it gets redirectionated to the login form...

I've seen this, but I don't know how to call it. :S

I think it's with session variables, and that I should check for a session variable in the top of the page that I want to restrict.

I'm kind of lost in the translation here :S

Thanks in advance.

MMarts
LVL 2
mmarthaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rk_radhakrishnaCommented:
0
sompol_kiatkamolchaiCommented:
Yes you can keep something like username in session object after making authentication. So the user that want to access page without login they will be redirect to login page.

Here is the code for example.
<%
String username = (String)session.getAttribute("username");
if ( username == null ) response.sendRedirect("/login.jsp");
%>

And in servlet that do authentication after success to do that you should put username to session object like this

HttpSession session = request.getSession();
session.setAttribute("username", username);
0
mmarthaAuthor Commented:
hello sompol,

you'll see, all I have are JSP pages. How can I put the servlet code into a JSP page?
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

mmarthaAuthor Commented:
I did

<%
HttpSession session = request.getSession();
session.setAttribute("username", username);
%>

and I got

FPP_jsp.java:45: session is already defined in _jspService(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
HttpSession session = request.getSession();

ForgotPasswordPrincipal_jsp.java:46: cannot resolve symbol
symbol  : variable username
location: class org.apache.jsp.FPP_jsp
session.setAttribute("username", username);
                                 ^
so I did:

<%
HttpSession session2 = request.getSession();
session.setAttribute("username", username);
%>

and I only got the variable error, but not the session one.

What should I do? :S
0
mmarthaAuthor Commented:
I realized that I used session and session2, so I typed:

<%
HttpSession session2 = request.getSession();
session2.setAttribute("username", username);
%>

but got the same result :S
0
mmarthaAuthor Commented:
the filename is ForgotPasswordPrincipal.jsp, I was trying to making it shorter, but I  forgot to modify a line back there. Wherever it says FPP it's "ForgotPasswordPrincipal"
0
kiranhkCommented:
you need to put this in your web.xml and then in your login.jsp after the user is logged in you can add it to session....

<!-- ... -->
<security-constraint>
   <web-resource-collection>
     <web-resource-name>Sensitive</web-resource-name>
     <url-pattern>/sensitive/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>administrator</role-name>
     <role-name>executive</role-name>
   </auth-constraint>
 </security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-error.html</form-error-page>
</form-login-config>
</login-config>
<!-- ... -->
0
mmarthaAuthor Commented:
I don't have a login page. I just want to have the page redirected to the main page if someone try to access it directly. :S

I tried adding those to the config and then restarted the service, but I still got that error.

ForgotPasswordPrincipal_jsp.java:46: cannot resolve symbol
symbol  : variable username
location: class org.apache.jsp.FPP_jsp
session.setAttribute("username", username);
                                 ^

I have the page map like this:

[Page1]-->[Page2]-->[Page4]
      |
[Page3]-->[Page5]

Without any authentication. I want that if someone access directly to page4 or page5, to be redirected to page1. :S
0
kiranhkCommented:
if you dont have a login page then dont use the session.setAttribute.......
0
gnoonCommented:
mmartha, using session should work.

Put this code on top of first page:
<%
  //  Page1.jsp

  session.setAttribute( "location", new Integer(1) );
%>

and this code for other pages

<%
  //   Page2.jsp by assume.

  //   On this page, the location value should be 1, otherwise it's accessed directly.

  Integer location = (Integer) session.getAttribute("location");
 
  if( location == null || location.intValue() != 1 )
  {
      // It's accessed directly, go to Page1.
      response.sendRedirect("Page1.jsp");
  }
  else
  {
      // It's accessed from Page1, set location attribute to the current point.
      session.setAttribute( "location", new Integer(2) );
  }
%>

Regards,
G noon
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CodingExpertsCommented:
Well you can check on all pages ...
<%
if(request.getRequestURL().equals("url of page1"))
{
%>
  // do the processing of the page
<%
}
else
{
  request.redirectTo("url of page1");
}
%>

Hope this helps

-CE
0
CodingExpertsCommented:
This would ensure that the request generated only from page1 should be processed rest in all other cases should be redirected to page1.

-CE
0
sompol_kiatkamolchaiCommented:
If all you have are jsp, so you can use session.setAttribute("username", username) without HttpSession session = request.getSession();
0
sompol_kiatkamolchaiCommented:
If your system don't have any authentication, you just put anonymous as username.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JSP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.