
In my application I did a Java project with ajax calls. Here I have a problem: even without logging in, a user can type a URL and access the pages. For that I used the code below, but when I add it, it's not working. I am getting a Page not found error, and I am unable to get the login page either.

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.annotation.WebFilter;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    @WebFilter("/*")
    public class LoginFilters implements Filter {

        @Override
        public void init(FilterConfig config) throws ServletException {
            // If you have any <init-param> in web.xml, then you could get them
            // here by config.getInitParameter("name") and assign it as field.
        }

        private static final String AJAX_REDIRECT_XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                + "<partial-response><redirect url=\"%s\"></redirect></partial-response>";

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            HttpSession session = request.getSession(false);
            String loginURL = request.getContextPath() + "/Login.jsp";

            boolean loggedIn = (session != null) && (session.getAttribute("Username") != null);
            boolean loginRequest = request.getRequestURI().equals(loginURL);
            boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + "/Login.jsp");
            boolean ajaxRequest = "partial/ajax".equals(request.getHeader("Faces-Request"));

            if (loggedIn || loginRequest || resourceRequest) {
                if (!resourceRequest) { // Prevent browser from caching restricted resources. See also https://stackoverflow.com/q/4194207/157882
                    response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
                    response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
                    response.setDateHeader("Expires", 0); // Proxies.
                }

                chain.doFilter(request, response); // So, just continue request.
            }
            else if (ajaxRequest) {
                response.setContentType("text/xml");
                response.setCharacterEncoding("UTF-8");
                response.getWriter().printf(AJAX_REDIRECT_XML, loginURL); // So, return special XML response instructing JSF ajax to send a redirect.
            }
            else {
                response.sendRedirect(loginURL); // So, just perform standard synchronous redirect.
            }
        }

        @Override
        public void destroy() {
            // TODO Auto-generated method stub
        }

        // ...

    }

Can anyone tell me how I can do this?

Karthik

2 Answers


You should take a look at this: Securing a Web Application

Securing a Web Application

This guide walks you through the process of creating a simple web application with resources that are protected by Spring Security.

What you’ll build

You’ll build a Spring MVC application that secures the page with a login form backed by a fixed list of users.

Mickael
  • Hi, @Mickael B, I am not using Spring, I am using only servlet filters – Karthik Jul 10 '17 at 09:31
  • That's why I suggest this. Unless you're unauthorized to use Spring for some reason, I think it's a good solution. – Mickael Jul 10 '17 at 09:34
  • I am new to Java. I did the project without using Spring; later I will implement it in Spring, so can you please tell me how to do it without using Spring – Karthik Jul 10 '17 at 09:42

Spring is absolutely the best solution and I really recommend using it: it helps you with everything! If you don't want to use it right now and you don't care about security too much, you can roughly use a session token or a simple static token (even a boolean, a char or a string) that checks whether the user is coming from a certain page or not:

If the code in a certain servlet (or in a Spring controller) is executed, you should set this boolean-whateverYouWant field to a certain value. When you load a page you can check the value of that field (Spring MVC-AngularJS or JavaScript) and then you can show the right page: "Not Allowed" if the token is null or void or whatever you prefer! The best and definitive solution would be Spring Security-AngularJS and web services exposed in a Spring MVC controller. Seriously... think about learning Spring!

Fausto
  • Thank you for suggesting Spring. When I call an ajax request in my pages, what I write in the button click code is displayed in the URL bar; how can I do this? Can you please see, I updated with my new code – Karthik Jul 10 '17 at 10:15
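
A servlet-only version of the session check discussed in this thread, added here as an example and not code from any of the posters. It matches on the container-normalized servlet path instead of the raw request URI and answers plain (non-JSF) ajax calls with a 401. Assumptions: the `/login` servlet URL, the `/static/` folder and the `X-Requested-With` header sent by the page's ajax library are hypothetical; `Login.jsp` and the `Username` session attribute come from the question.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example; SessionAuthFilter, "/login" and "/static/" are assumed names.
@WebFilter("/*")
public class SessionAuthFilter implements Filter {

    // Paths (relative to the context root) that must stay reachable without a session.
    static boolean isPublic(String path) {
        return path.equals("/Login.jsp")
            || path.equals("/login")         // assumed servlet that verifies the password
            || path.startsWith("/static/");  // assumed folder for CSS, JS and images
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getServletPath()/getPathInfo() are decoded and normalized by the container,
        // so "/static/../Admin.jsp" or ";jsessionid=" suffixes cannot pass as public.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) path += request.getPathInfo();

        HttpSession session = request.getSession(false); // do not create a session here
        boolean loggedIn = session != null && session.getAttribute("Username") != null;

        if (isPublic(path)) {
            chain.doFilter(request, response);
        } else if (loggedIn) {
            // Keep protected pages out of browser and proxy caches.
            response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            response.setHeader("Pragma", "no-cache");
            response.setDateHeader("Expires", 0);
            chain.doFilter(request, response);
        } else if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
            // Plain ajax cannot follow a page redirect; the script handles the 401.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            response.sendRedirect(request.getContextPath() + "/Login.jsp");
        }
    }
}
```

The path in `isPublic` must match the deployed file name exactly, including case, and the login servlet should store `Username` in the session only after the credentials have been verified.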