AW: [dbforms] Password-protected area with session and beans

Sun, 28 Mar 2004 22:49:05 -0800 

You could use server authentithication in your web.xml file. There you can put in each 
page which you want to protect. See tomcat documentation!

Regards,
Henner

> -----UrsprÃngliche Nachricht-----
> Von: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] Im 
> Auftrag von Weibel Roland, weibero1
> Gesendet: Sonntag, 28. MÃrz 2004 22:09
> An: [EMAIL PROTECTED]
> Betreff: [dbforms] Password-protected area with session and beans
> 
> 
> Hello
> 
> I want to protect some pages with passwords. The 
> corresponding usernames and passwords are stored in a DB. I 
> figured out the following solution:
> 
> After the Login was successful, the username and password are 
> stored in the session (I use the session-taglib from jakarta 
> to do that). Now, on every page that is protected, I check if 
> the username and password is correct. I use a bean to do 
> that, so there won't be to much code in a single page.
> 
> First of all, does this solution make sense or is there an 
> easier way? For example, is it necessary to check the 
> username and password on every protected page? Or is it 
> sufficient to check if the username is registered in the 
> session? (or another way to ask: is it possible for a hacker 
> to manipulate the username stored in the session in order to 
> have access to another's user area?
> 
> Secondly, I have a problem doing that: Here is the code which 
> I intend to include on every protected page:
> 
> 
> <%@ taglib uri="/WEB-INF/session.tld" prefix="ses" %>
> 
> <% String benutzername = <ses:attribute name="uname"/>; %>
> <% String passwort = <ses:attribute name="pass"/>; %>
> 
> <jsp:useBean id="validator" class="ch.zhwin.dswa.Validator">
>   <jsp:setProperty name="validator" property="benutzername" 
> value="<%= benutzername %>"/>
>   <jsp:setProperty name="validator" property="passwort" 
> value="<%= passwort %>"/> </jsp:useBean>
> 
> <% if(!validator.valid()) { %>
>   <jsp:forward page="anmelden.jsp"/>
> <% } %>
> 
> 
> The problem is: How do I get the values stored in the session 
> to the bean to validate them??? The above code doesn't work? 
> Whats the correct syntax to do that?
> 
> Thanks very much for your help!!!
> Kind regards, Roli
> 
>  
> 
> Content Security by MailMarshal
> NHS^éX'uÞ S +l.) ÛÞ y 
> zThmâ '^Öt!:(ñ!çh'-æ +axwZ j[-Ìvhékj m v,vw(Ê çíZ
> 




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
DbForms Mailing List

http://www.wap-force.net/dbforms

Reply via email to