If I understand you correctly, you want the user to access an html document
ONLY if he's correctly identified.
I've done this, but I'm not sure it's the most graceful way to do it....
1) Put something in session when the user is identified correctly like this
:
if((user.equals("administrator")) && (passwd.equals("author"))){
session.setAttribute("isIdentified","true");
........
}
2) Create a little JSP page that will check if you're logged or not
<!--- beginning of file checkLogin.jsp --->
<%
String isLogged =3D (String)session.getAttribute("isIdentified"));
if(isLogged=3D=3Dnull || !isLogged.equals("true")) { // not identified
correctly
response.sendRedirect("/login.html"); // send back to login/password
form
}
%>
<!--- end of file --->
3) Rename all the HTML files you want to protect to JSP and in your new jsp
files include the JSP like this :
<jsp:include page=3D"/checkLogin.jsp" flush=3D"true"/>
This code might not work, I just wrote it on top of my head, I didn't try
running it
Depending on your platform, steps 2 and 3 can be replaced using SSI, but why
use SSI with the <servlet> tag
I hope you get the right idea, but I bet someone will come up with something
better (cleaner ?) and make me look dumb again
Have fun Kal,
Cheers, AD.
----- Original Message -----=20
From: kal inuganti=20
To: [EMAIL PROTECTED]=20
Sent: Friday, February 16, 2001 9:25 AM
Subject: HTML FILE Security
Hi All
I have a small security problem and I would like to know how I can fix =
it. My servlet sends a request to an HTML file if the request is valid. =
The code snippet is as follows:
if((user.equals("administrator")) && (passwd.equals("author"))){
out.println("<HTML>");
out.print("<head>" + "<meta http-equiv=3D\"refresh\" content=3D\"2; =
url=3D" +
"http://24.181.167.18:8080/ValidAuthor.htm;\">" + "</head>");
out.println("<BODY>");
out.println("<BR>" + "<BR>" + "<BR>");
out.println("<BR>" + "<BR>" + "<BR>");
out.println("<BR>" + "<BR>" + "<BR>");
out.println("<BR>" + "<BR>" + "<BR>");
out.println("<p align=3Dcenter>"+"<img =
src=3Dhttp://24.181.167.18:8080/welcome.gif>" + "</p>");
out.println("</BODY>");
out.println("</HTML>");=20
}
I would like to protect the ValidAuthor.htm file from direct access and =
the only way it can be accessed is through this servlet. Can someone =
help me with this problem.=20
Thanks,
Kalyan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
