Hello,

I want to protect some pages with passwords. The corresponding usernames and passwords are stored in a DB. I figured out the following solution:

After the login was successful, the username and password are stored in the session (I use the session-taglib from jakarta to do that). Now, on every page that is protected, I check if the username and password are correct. I use a bean to do that, so there won't be too much code in a single page.

First of all, does this solution make sense or is there an easier way? For example, is it necessary to check the username and password on every protected page? Or is it sufficient to check if the username is registered in the session? (Or another way to ask: is it possible for a hacker to manipulate the username stored in the session in order to have access to another user's area?)

Secondly, I have a problem doing that. Here is the code which I intend to include on every protected page:

<%@ taglib uri="/WEB-INF/session.tld" prefix="ses" %>
<% String benutzername = <ses:attribute name="uname"/>; %>
<% String passwort = <ses:attribute name="pass"/>; %>
<jsp:useBean id="validator" class="ch.zhwin.dswa.Validator">
<jsp:setProperty name="validator" property="benutzername" value="<%= benutzername %>"/>
<jsp:setProperty name="validator" property="passwort" value="<%= passwort %>"/>
</jsp:useBean>
<% if(!validator.valid()) { %>
<jsp:forward page="anmelden.jsp"/>
<% } %>

The problem is: How do I get the values stored in the session to the bean to validate them??? The above code doesn't work. What's the correct syntax to do that?

Thanks very much for your help!!!

Kind regards,
Roli
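
An added example, not part of the original post: a servlet filter that does the login check in one place by testing for the session attribute "uname", rather than re-validating a stored password in every JSP. The class name LoginFilter and its web.xml mapping are assumptions; it presumes the login code sets "uname" only after the DB check succeeds (so the password need not be kept in the session) and that anmelden.jsp sits at the web application root.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical filter (class name and URL mapping are assumptions, not from the post).
 * Map it in web.xml to the protected pages, for example /protected/*.
 */
public class LoginFilter implements Filter {

    // Attribute name taken from the post; assumed to be set only by the
    // login code after the username/password pair was checked against the DB.
    private static final String USER_ATTR = "uname";
    // Login page name taken from the post; its location is an assumption.
    private static final String LOGIN_PAGE = "/anmelden.jsp";

    public void init(FilterConfig config) throws ServletException {
        // no configuration needed
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session for anonymous visitors.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute(USER_ATTR);

        if (user instanceof String && ((String) user).length() > 0) {
            // Session attributes are held by the container; the browser only
            // sends the session ID, so this value was set by server-side code.
            chain.doFilter(req, res);
            return;
        }
        // Not logged in: send the browser to the login page and stop here.
        response.sendRedirect(
                response.encodeRedirectURL(request.getContextPath() + LOGIN_PAGE));
    }

    public void destroy() {
        // nothing to release
    }
}
```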