Thomas wrote:
>
> At the top of my page is an access control code block that checks to see if
> a user is allowed access to the page. If the user doesn't have access, then
> they are redirected to an error page. Below the control code is a procedure
> to deal with a submitted form that updates a database. The problem is if
> the user is not allowed, the form submission is still allowed and then the
> user is redirected to the error page, which would allow an unwanted visitor
> to update the database even though the control code successfully rejects
> them. The only way I'm able to force the server to redirect before parsing
> the whole page is to place a "return;" immediately after the redirect at the
> end of the if() block. Is there a problem with this method, such as the
> servlet container seeing a return where it shouldn't?
> [...]
No problem; that's exactly what you have to do to get it to work as you
like. You may want to consider encapsulating all of this code in a
custom action instead though. If the access control fails, the custom
action can abort the processing of the page (return SKIP_PAGE from the
doEndTag() method).
Hans
--
Hans Bergsten [EMAIL PROTECTED]
Gefion Software http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
