Caution: If you do this by using a redirect and relying on the referrer header
passed by the browser, you aren't really creating security.
What you want to do is set a flag in the Java session on the server side, and
have all subsequent JSP's / servlets check it.
Paul Kofon wrote:
> HI,
> I'm sure there are a number of ways to do this. I have a method I use (which
> might not be the simplest solution). Usually, my protected page is a jsp.
> Now, to get to this jsp, you enter your username and password. When you hit
> the submit button, the request is sent to a servlet that checks the database
> and authenticates user. If the user is listed, the servlet directs the
> request to the protected jsp. The tricky part is writing code in your jsp
> (now this isn't generally advised, but I do it when it is absolutely
> necessary) to check to make sure that the request came from the servlet! If
> it did then the rest of jsp would be loaded otherwise, an error page would
> be produced.
> I'm sorry I can't give you any code samples right now but that's the general
> idea. If you're familiar with JSPs, servlets and JDBC, you should get the
> hang of it. Good luck!
>
> Regards,
>
> Paul
>
> >From: João Folha <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: <[EMAIL PROTECTED]>
> >Subject: How can i create a login application
> >Date: Mon, 26 Mar 2001 15:09:44 +0100
> >
> >Hi there.
> >
> >I am trying to develop a web application, where for some url the users
> >will need to login.
> >In this process the users and passwords are in a ms access database.
> >This application will be use in an intranet.
> >Some one can advise me, ou give me some example?
>
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
