Link to home
Start Free TrialLog in
Avatar of huzefaq
huzefaq

asked on

need help with authorization - to show no access page

I have a code which checks if a person is in priveliged group, if yes then the person is transferred to admin page otherwse he is transferred to the noAccess page.
The problem is that when the person is not in the priveliged group it still goes to the admin page as the link shows
        http://localhost.com/chapter_admin/alabama/
but the content is shown of the noAccess page.

Would anyone know why it is doing that and how can I fix it so the it goes to
    http://localhost.com/alabama/templates_public/noAccess.jsp
if the person is not athorized

thanks
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

/* check to see that the user belongs to one of the privileged groups allowed to access the protected area */
    if(this.isInPrivilegedGroup(request_path, user_view_groups)) {
        /* yes, it's priviledged to access the wanted path...let him/her threw */
       chain.doFilter(request, response);
       return;
     }
     else {
        /* if we get here, that means the user does not belong to a privileged group(s) allowed access to the wanted area */
            request.setAttribute("DESTINATION", request_path);
            request.setAttribute("MESSAGE", "Sorry, you do not have access to the wanted URL...");
            ((HttpServletRequest)request).getRequestDispatcher("../templates_public/noAccess.jsp").forward((HttpServletRequest)request, (HttpServletResponse)response);
      }
ASKER CERTIFIED SOLUTION
Avatar of Mick Barry
Mick Barry
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
response.sendRedirect(....
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of huzefaq
huzefaq

ASKER

Thanks guys!

But can u please tell me what is the use of getRequestDispatcher.forward and where it is used





 
Avatar of huzefaq

ASKER

Guys one thing I am having a hard time to understand is that when I call

((HttpServletRequest)request).getRequestDispatcher("../templates_public/noAccess.jsp").forward((HttpServletRequest)request, (HttpServletResponse)response);

why doesn't it go to this page
and why does it got to this page

http://localhost:8080/chapter_admin/alabama

Thanks
redirect sends a response back to the browser telling it to request a different url

forward simply forwards the request on to a different controller for processing.

you use forward when you want the r4equest to be handled by a different controller in your app