0

I am doing a web application using servlets and jsps. I had a index.html

Now i need to avoid direct access of my login page from browser 

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>Login App using Servlet and JSP</title>
 </head>
 <body bgcolor="pink">
 <center>
 <a href="Register.jsp">Register</a>
 <a href="Login.jsp" >Login</a>
  </center>
 </body>
</html>

Now I want to prevent direct access of Login.jsp from the browser 

http://localhost:9090/LoginAppWithServletsJSPJDBC/Login.jsp

By googling I came to know that I need to use <security-constraint> for this.

Please help me .How can I achieve this.

Gundamaiah
  • 780
  • 2
  • 6
  • 30
  • You must read more about security in general. I will recommend using spring and spring security for enforcing security. Read more about spring and spring security. – RaviH Feb 16 '14 at 05:28
  • Are you using any other frameworks? spring? Stripes? Some more bare bones servlets? –  Feb 16 '14 at 05:29
  • @RaviH I am doing a basic login application using servlets and jsp.Now I am looking out for securing my jsp from direct access from browser. I am not using Spring for now. – Gundamaiah Feb 16 '14 at 05:30
  • This should be enough for now: http://docs.oracle.com/cd/E13222_01/wls/docs70/webapp/security.html – RaviH Feb 16 '14 at 05:34

1 Answers1

3

Simply move Login.jsp under WEB-INF that can't be accessed directly from the outside world.

Only application can access it whenever needed using RequestDispatcher.

Sample code:

// put this logic anywhere in your application whenever needed to show Login.jsp 
request.getRequestDispatcher("WEB-INF/Login.jsp").forward(request, response);

Please have a look at What is WEB-INF used for in a Java web application?

Community
  • 1
  • 1
Braj
  • 46,415
  • 5
  • 60
  • 76