> -----Original Message-----
> From: Rahul [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, September 08, 2002 11:06 PM
> To: [EMAIL PROTECTED]
> Subject: Restricting direct access of jsp's
> Importance: High
>
>
> Hi,
>
> We are using MVC architecture in our project with j2ee 1.2.
> We have a Front Controller which is the only access point
> for various modules.
> This front controller performs all the authentication and
> authorization checks.
> If the user is authorized it gives access to the requested
> resource (let's say a jsp).
>
> Since there are no authentication/authorization checks in the
> jsp, anybody who somehow comes to know of the url of a jsp
> can access the jsp.
>
> Is there any way (preferably declarative) to make the jsp's
> inaccessible when accessed directly?
> They should of course still work when request is forwarded
> from the controller servlet.
Check the referrer, from which the jsp is being called.
request.getHeader("Referer")
If it equals the jsp page which should call, then show the page, or if the
jsp page is called by just adding the page url in the address bar, then show
a message.
>
>
> Thanks & Regards
> Rahul
Vikram.
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://archives.java.sun.com/jsp-interest.html
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.jsp
> http://www.jguru.com/faq/index.jsp
> http://www.jspinsider.com
>
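
One way to meet the forward-only requirement in the question without depending on any request header, as an added example that is not code from either poster: the JSPs are moved under /WEB-INF/, which a servlet container does not serve to clients directly, and the controller forwards to them. Assumptions: the container permits RequestDispatcher forwards into /WEB-INF/; the class name, the "action" parameter, the view paths and the "user" session attribute are hypothetical.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical front controller. The JSPs live under /WEB-INF/jsp/, so a
// client that learns a JSP's URL cannot request it directly; the only
// route to a page is the forward at the end of service().
public class FrontController extends HttpServlet {

    // Allow-list of logical view names (constructed sample values). The
    // client supplies only a key into this map, never a path.
    private static final Map<String, String> VIEWS = new HashMap<String, String>();
    static {
        VIEWS.put("orders", "/WEB-INF/jsp/orders.jsp");
        VIEWS.put("profile", "/WEB-INF/jsp/profile.jsp");
    }

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Unknown or missing action: no view is resolved, nothing is forwarded.
        String view = VIEWS.get(req.getParameter("action"));
        if (view == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        if (!isAuthorized(req)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Server-side forward: the browser makes no second request, so the
        // restriction on direct client access to /WEB-INF/ is not involved.
        req.getRequestDispatcher(view).forward(req, resp);
    }

    // Stand-in for the project's own authentication/authorization check.
    // Assumption: login code stores a "user" attribute in the session.
    private boolean isAuthorized(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        return session != null && session.getAttribute("user") != null;
    }
}
```

With this layout a direct request for a JSP's path is refused by the container itself, and no per-page check has to be repeated inside each JSP.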