2

How to use sessions throughout all the servlets and JSPs in a project?

When I go to one of my JSP pages, which exists in my project, writing directly the JSP file name in URL, like localhost:8080/XYZ/abc.jsp, without validating login, the JSP page is opening in the browser.

How could I manage the JSP pages and servlets so that there will be no access to any page without login authentication?

informatik01
  • 16,038
  • 10
  • 74
  • 104
user2147921
  • 9
  • 1
  • 3
  • check these blog post it may be useful http://brendangraetz.wordpress.com/2010/06/17/use-servlet-filters-for-user-authentication/ – Eslam Hamdy Apr 05 '13 at 23:47
  • @JavaPlayer This link was already mentioned 19 hours ago: http://stackoverflow.com/a/15826014/814702 )) – informatik01 Apr 05 '13 at 23:59

2 Answers2

2

I suggest the way to do this is to build a Filter. This can be used to run code before and after a request is handled by a servlet or JSP. You can build a filter which checks that a user's session is valid and, if not, redirects the user to a login page or an "unauthorised" page. This will also save you from adding authentication logic to every JSP file you want to protect.

Maybe this blog post would be helpful.

lmika
  • 1,725
  • 16
  • 23
  • +1. As an addition, here is a local SO *servlet-filters* tag info page with examples: [Servlet Filters](http://stackoverflow.com/tags/servlet-filters/info) – informatik01 Apr 05 '13 at 23:16
  • It is ok but I have many servlets and many jsps in my project. How to manage a filter among all those servlets and jsps – user2147921 Apr 18 '13 at 05:14
0

Use Servlet Authentication and Secure your web pages using Servlet Security.

Please read here.

How to secure my java web application?

Community
  • 1
  • 1
Ramesh PVK
  • 15,200
  • 2
  • 46
  • 50