Re: SESSION ID,ACCESS CONTROL ,BOOKMARKING PROBLEMS .

Mon, 25 Oct 1999 04:30:59 -0700

The simplest way to solve this problem is to create a servlet that is mapped to the directory that you want to protect. Then, when a request is intercepted by the servlet, create or get a session and check to see if it is new. If it is new, then redirect the request to a login page, if not, then return the originally requested page. The logic here is that; assuming a session can only be obtained by logging in, then, if a session is new, then it was never obtained in the first place. If the session is not new, then the user must have logged in and should have access to the resource.

Here is an example of a doGet method that implements such a schema:

protected void doGet (HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException
      {
     System.out.println("-------html dir request-----------");

    // Set the content type of the response
    res.setContentType("text/html");

    // Create a ServletOutputStream to write the response
    ServletOutputStream out = res.getOutputStream();

    // Get the session object or create one if it does not exist
    HttpSession session = req.getSession(true);
 
    // Get the requested URL
    URL u = new URL((HttpUtils.getRequestURL(req)).toString());
    String thePath = u.getFile();

    if (session.isNew()) {
        System.out.println("New session: " + session.getId());
        errorMsg(out, "Must login to access: " + thePath);
        System.out.println("Invalidating session: " + session.getId());
        session.invalidate();
        out.flush();
        out.close();
        return;
    } else {
        System.out.println("Session Id: " + session.getId());
        System.out.println("Client request: " + thePath);
        System.out.println("Loading file: " + DOC_ROOT + thePath);
        try {
            BufferedReader in = new BufferedReader(new FileReader(DOC_ROOT + thePath));
            String buf;
            while ((buf = in.readLine()) != null) { out.println(buf); }
            System.out.println("Server response: " + thePath);
            out.flush();
            out.close();
            in.close();
        } catch (FileNotFoundException e) {
            errorMsg(out, "File not found: " + thePath);
        } catch (IOException ioe) {
            errorMsg(out, "IO Error: " + ioe);
        }
    }
}
 

RAHIMUNISA_N wrote:

hi,
   Iam working on HomeBanking system . i used static variables for
connection class, user id , pwd and pin no. i think this will work fine
with single user . in multi user environment this will fail becoz the
latest userid will be copied in static variables. how to overcome the
problem ?
   i want to implement session id in my application .   user should not
enter the application using bookmark options. he should enter only thru
the proper channel(homepage) . i want access control too . How to
implement this things. is there any solution for it ?

moreover i want to find the user id of the visitors visiting my homepage
and no of times they visited my page. how to trap this details.
Thanks,
Rahimunisa

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to