Hi Rahul,
 
Yes this can be done by setting a variable at the servlet(controller servlet) and verifying the same in the jsp.
Also by checking the referer value from which page the user is comming from it will be null if he is entering the jsp directly.
 
Hope this was useful.
 
Srinivas
 
 
 
 
 
----- Original Message -----
From: Rahul
Sent: Monday, September 09, 2002 11:35 AM
Subject: Restricting direct access of jsp's

Hi,
 
We are using MVC architecture in our project with j2ee 1.2.
We have a Front Controller which is the only access points for various modules.
This front controller performs all the authentication and authorization checks.
If the user is authorized it gives access to the requested resource (lets say a jsp).
 
Since there are no authentication/authorization checks in the jsp, anybody who somehow comes to know of the url of a jsp can access the jsp.
 
Is there anyway (preferably declarative) to make the jsp's inaccessible when accessed directly.
They should ofcourse still work when request is forwarded from the controller servlet.
 
 
Thanks & Regards
Rahul

Reply via email to