How to prevent unauthorized opening of web page ?

Gaurav - 19 May 2005 14:36 GMT
Hi All,

I am developing a Reservation System in J2EE, following the MVC Model
2 Architecture.

I have 20 JSP pages. My starting page is the login page
LOGIN.JSP, and only then is the user taken to Home.JSP (if
validated).

My problem is that if the user directly types www.project/Home.jsp, he
would be taken to the home.jsp page, bypassing the Login.JSP page.

I want to restrict the users of my website to go through the LOGIN.JSP page
ONLY, and if they type in any other page directly, it should give them a
security warning and STOP them from accessing those pages without
authorizing themselves!!

How should I do these things?

Regards
Gaurav

Juha Laiho - 19 May 2005 15:31 GMT
"Gaurav" <gaurav_gopu@yahoo.com> said:
>I am developing a Reservation System in J2EE . Following the MVC Model
>2 Architecture.
[quoted text clipped - 5 lines]
>My problem is that if the user directly types www.project/Home.jsp , he
>would be taken to the home.jsp page bypassing the Login.JSP page.

Use J2EE declarative security, instead of hacking your own.
The result will be much cleaner - and requires less code.

Declare (in web.xml) which of the pages need authentication, and
declare the name of the login page there (note the requirements
on HTML form element names for username and password fields).

(and configure the users in the appropriate server-side security realm)

Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
        PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
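
The declarative setup described in the reply above, as an added example that is not part of the original thread: a Servlet 2.4 `web.xml` that puts pages behind container-managed FORM login. The `/app/*` layout for protected pages, the `customer` role name and the `/LoginError.jsp` page are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml (added example; paths and role name are assumptions) -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <!-- Anything under /app/ (e.g. /app/Home.jsp) needs an authenticated
       user in the "customer" role. A direct request for such a page is
       intercepted by the container and answered with the login page. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reservation pages</web-resource-name>
      <url-pattern>/app/*</url-pattern>
      <!-- No <http-method> listed, so the constraint covers every method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
    </auth-constraint>
    <!-- Optional: force HTTPS so the password is not sent in clear text.
         Requires an SSL connector configured on the server. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- The login page lives outside /app/ so it stays reachable.
       It must post to the container with these exact names:
       <form method="POST" action="j_security_check">
         <input type="text"     name="j_username">
         <input type="password" name="j_password">
         <input type="submit"   value="Log in">
       </form> -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/Login.jsp</form-login-page>
      <form-error-page>/LoginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Users are mapped to this role in the server's security realm. -->
  <security-role>
    <role-name>customer</role-name>
  </security-role>
</web-app>
```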

Shai - 31 May 2005 18:40 GMT
> Hi All,
>
[quoted text clipped - 17 lines]
> Regards
> Gaurav

You need to use a session for each user. The session is basically a
browser object which holds information about the user. Using the session
object, you can determine whether the user is authorized or not, and by
doing it in every one of your pages, you'll get exactly what you want.
This is a high level explanation. Google can help you with the details.

HTH,

Shai
