Check this out.
http://www.fawcette.com/javapro/2002_09/online/servletsjsp_bkurniawan_09_03_02/

Regards,
Vikramjit Singh,
GTL Ltd.
Ph. 7612929-1059

> -----Original Message-----
> From: Patrick Melli [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 11, 2002 1:11 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Restricting direct access of jsp's
>
> Pramod,
>
> In your jsp, check where the request is coming from.
>
> String referer = request.getHeader("referer");
> if (referer == null || !referer.endsWith("xx??xx")) {
>     // request did not come from the expected page
> } else {
>     // request came from the expected page
> }
>
> Regards,
>
> -P
>
> -----Original Message-----
> From: Pramod Nair
> Sent: Sun 9/8/2002 8:05 PM
> To: [EMAIL PROTECTED]
> Cc:
> Subject: Re: Restricting direct access of jsp's
>
> I am sure there are better solutions than this, but one possible way
> would be to set a request attribute through request.setAttribute() in
> your controller servlet, before forwarding the request to the view JSP.
> The JSP could then check the presence of this request attribute to
> determine whether the request came in from a Controller or through a
> direct client access. (Clients can't request.setAttribute(), since it's an
> HTTP-independent server-side technique.)
>
> I'd love to learn some way of doing this declaratively too ...
>
> regards
>
> Pramod Nair
>
> ----- Original Message -----
> From: Rahul
> To: [EMAIL PROTECTED]
> Sent: Monday, September 09, 2002 6:05 AM
> Subject: Restricting direct access of jsp's
>
> Hi,
>
> We are using MVC architecture in our project with j2ee 1.2.
> We have a Front Controller which is the only access point for various
> modules.
> This front controller performs all the authentication and
> authorization checks.
> If the user is authorized it gives access to the requested resource
> (let's say a jsp).
>
> Since there are no authentication/authorization checks in the jsp,
> anybody who somehow comes to know of the url of a jsp can access the
> jsp.
>
> Is there any way (preferably declarative) to make the jsp's
> inaccessible when accessed directly?
> They should of course still work when the request is forwarded from the
> controller servlet.
>
> Thanks & Regards
> Rahul
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
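
The request-attribute check that Pramod Nair describes in the thread above, as an added Java example that is not code from any of the original messages. The package, class name, attribute name, view path and the "user" session key are all assumptions made for illustration.

```java
package example.web; // hypothetical package name

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical front controller: the single entry point that authorizes
// the user and then forwards to a view JSP.
public class FrontControllerServlet extends HttpServlet {

    // Marker attribute shared by the controller and the views (assumed name).
    static final String VIA_CONTROLLER = "example.web.viaController";

    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!isAuthorized(req)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Request attributes exist only inside the container. Nothing in an
        // HTTP request (header, parameter, cookie) can set one, so the marker
        // is present only on requests that passed through this method.
        req.setAttribute(VIA_CONTROLLER, Boolean.TRUE);
        req.getRequestDispatcher("/view/report.jsp").forward(req, resp); // assumed path
    }

    // Stand-in for the application's real authentication/authorization checks.
    private boolean isAuthorized(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        return session != null && session.getAttribute("user") != null;
    }

    // Guard for the first line of every view JSP:
    //   <%@ page import="example.web.FrontControllerServlet" %>
    //   <% if (!FrontControllerServlet.requireController(request, response)) return; %>
    // Returns true when the request was forwarded by the controller; otherwise
    // answers 404 and returns false so the JSP stops before rendering anything.
    public static boolean requireController(HttpServletRequest req,
                                            HttpServletResponse resp) throws IOException {
        if (Boolean.TRUE.equals(req.getAttribute(VIA_CONTROLLER))) {
            return true;
        }
        resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        return false;
    }
}
```

The guard has to run before the JSP writes any output, because `sendError` cannot be used once the response has been committed.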