 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / October 2007Denying access to a JSP page directly
Dear All, My login page is index.html. It accepts username/password there. Validates it using validate.jsp and redirect it to main.jsp for further processing. But i noted that without using index.html, one can go directly to main.jsp using address bar. To avoid this i have done this. I have added this code to validate.jsp { %> <jsp:forward page="main.jsp"> <jsp:param name="security" value="secured" /> </jsp:forward> <% response.sendRedirect("main.jsp"); } %> As the validate.jsp do not submit any form i have to use the forward tag. Now i check this at the start of main.jsp. <% try { String is_secure = request.getParameter("security"); } catch (NullPointerException npe) { response.sendRedirect("secure.html"); } %> If the user directly goes to main.jsp then this code will throw the NullPointerException. The code throws the exception (as seen on the console) but it do not redirect it to secure.html. Why this may be? Is this the right approach? Any suggestions? Thanks in advance. Hi, this is not a very standard way of dealing with logins. I have seen in many applications, the way you want to handle a login is using a "Session" - not just Request. Now, coming to your problem, I don't think request.getParameter(..) will ever throw a NullPointerException unless the "request" itself is not initialized. So, I guess your Null pointer Exception is not thrown in the try{ .. } block as you showed in your code. Pleaser re-analyze your code to see from where you are getting the Null pointer - then you would be able to trap that situation and handle it. HTH > Dear All, > My login page is index.html. [quoted text clipped - 37 lines] > > Thanks in advance. > Hi, this is not a very standard way of dealing with logins. Please do not top-post. Sameer wrote: >> Dear All, >> My login page is index.html. [quoted text clipped - 35 lines] >> Why this may be? >> Is this the right approach? Any suggestions? You should avoid having Java scriptlet in your JSPs. You should use <jsp:forward> instead of redirect. Using <jsp:forward> prior to the rest of validate.jsp means that the rest of the JSP will not render. You should keep authentication information in the session, as send2r suggested when they also pointed out that your NPE is never thrown.  SignatureLew > Dear All, > My login page is index.html. [quoted text clipped - 37 lines] > > Thanks in advance. This is often achieved via a Servlet Filter. Add a filter, and check for a session variable and/or a cookie that indicates a successful auth. If no auth, redirect the user to login page, if auth'd, let him pass. I am sure you'd find a lot of examples by Googling around on usage of Servlet Filters to check authentication. -cheers, Manish Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.