Avatar of huzefaq
huzefaq
 asked on

need help with authorization - to show no access page

I have a code which checks if a person is in priveliged group, if yes then the person is transferred to admin page otherwse he is transferred to the noAccess page.
The problem is that when the person is not in the priveliged group it still goes to the admin page as the link shows
        http://localhost.com/chapter_admin/alabama/
but the content is shown of the noAccess page.

Would anyone know why it is doing that and how can I fix it so the it goes to
    http://localhost.com/alabama/templates_public/noAccess.jsp
if the person is not athorized

thanks
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

/* check to see that the user belongs to one of the privileged groups allowed to access the protected area */
    if(this.isInPrivilegedGroup(request_path, user_view_groups)) {
        /* yes, it's priviledged to access the wanted path...let him/her threw */
       chain.doFilter(request, response);
       return;
     }
     else {
        /* if we get here, that means the user does not belong to a privileged group(s) allowed access to the wanted area */
            request.setAttribute("DESTINATION", request_path);
            request.setAttribute("MESSAGE", "Sorry, you do not have access to the wanted URL...");
            ((HttpServletRequest)request).getRequestDispatcher("../templates_public/noAccess.jsp").forward((HttpServletRequest)request, (HttpServletResponse)response);
      }
Java

Avatar of undefined
Last Comment
Mick Barry

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Mick Barry

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Mick Barry

response.sendRedirect(....
SOLUTION
mbvvsatish

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
huzefaq

ASKER
Thanks guys!

But can u please tell me what is the use of getRequestDispatcher.forward and where it is used





 
huzefaq

ASKER
Guys one thing I am having a hard time to understand is that when I call

((HttpServletRequest)request).getRequestDispatcher("../templates_public/noAccess.jsp").forward((HttpServletRequest)request, (HttpServletResponse)response);

why doesn't it go to this page
and why does it got to this page

http://localhost:8080/chapter_admin/alabama

Thanks
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Mick Barry

redirect sends a response back to the browser telling it to request a different url

forward simply forwards the request on to a different controller for processing.

you use forward when you want the r4equest to be handled by a different controller in your app