I didn't see a response to this, so I thought I'd make a suggestion despite
the fact that
you posted this several days ago.
You might try adding an attribute to the request in ServletA begore
forwarding to Servlet B,C, or D.
The first thing that servlets B,C,or D do is check for the presence of this
Attribute. If it doesn't
exist, they can simply forward back to A to force a login. Otherwise, they
continue as normal.
Technically, you would be able to invoke B, C, & D, but such an invocation
would then have the same effect
as invoking A.
-AMT
> -----Original Message-----
> From: A mailing list about Java Server Pages specification and reference
> [mailto:[EMAIL PROTECTED]]On Behalf Of Said Memmadi
> Sent: Wednesday, December 29, 1999 2:43 AM
> To: [EMAIL PROTECTED]
> Subject: Servlets : restricting access ?
> Importance: High
>
>
> Hi,
>
> I like do the flowing :
>
> CLIENT ------> ServletA ---> ServletB ( wich means CLIENT -->
> ServletA(param ServletX))
> CLIENT ------> ServletA ---> ServletC
> CLIENT ------> ServletA ---> ServletD
>
> ServletA : does a several checks (login, acl, ...) that I don't want to
> duplicate (code) in B,C,D
>
>
> How can I forbid invoke servlet directly ?
>
> CLIENT --------------------> ServletB
>
>
> and restrict invoking only by ServletA(ServletB)
>
>
> How can I do it, or is it possible, or is there a better idea to do
> similar ?
>
>
> Thanks in adavance.
>
> ==================================================================
> =========
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> FAQs on JSP can be found at:
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
