How to deny access to jsp if java servlet session is null?

Question

I'm trying to develop a web site in NetBeans using java servlets, jsp and Glassfish Server. I managed to create a session for user with this code in a Servlet:

boolean logged_as_admin = Authentication.login_as_admin(name, pass);
        boolean logged_as_normal = Authentication.login_as_normal(name, pass);
        if(logged_as_admin){
            //creating a session
            HttpSession sessione_admin = request.getSession();
            sessione_admin.setAttribute("username", name);
            sessione_admin.setAttribute("logged_admin","Amministratore");
            response.sendRedirect("jsp/HomePage.jsp");

        }

Now I'd like to prevent direct access to HomePage.jsp if user hasn't logged in. In HomePage I added this code:

<%
            HttpSession sessionsa = request.getSession(false);
            String username = (String) sessionsa.getAttribute("username");
        %>

This works only in part, if I access directly the jsp page via URL I don't get access, but I get a NullPointerException and JasperException.

Below GlassFish Server Output:

Avvertenza:   StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
java.lang.NullPointerException
    at org.apache.jsp.jsp.HomePage_jsp._jspService(HomePage_jsp.java:54)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:411)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:473)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:377)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:416)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:283)
    at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167)
    at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:206)
    at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:180)
    at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:591)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:571)
    at java.lang.Thread.run(Thread.java:748)

What I want is to avoid this Glassfish error on browser and show a custom html page like access_denied.html or something when session is null or session attribute "username" is null.

What do I have to modify in code in order to achieve that? Thank you,

score -1 · Answer 1 · edited Feb 21 '18 at 12:38

-1

Check the session validate is jsp page

Example:

if(sessionsa.getAttribute("username")!=null) {

} else {
  redirect access denied page
}

edited Feb 21 '18 at 12:38

JimHawkins

4,843
8
35
55

answered Feb 21 '18 at 10:25

Raja Ramachandran

436
2
7

Problem is not that the attribute is null. – BalusC Feb 21 '18 at 10:54

How to deny access to jsp if java servlet session is null?

1 Answers1