The JSP Files (part 6): State Of Grace - Page 9

Access Denied - Java

Now that you've mastered the basics, it's time to bring out the big iron. This week, The JSP Files explores the various techniques available to "maintain state" on a JSP-based Web site. Learn about the Cookie and Session objects, find out how to build a cookie-based hit counter, and read about a simple yet effective way of protecting sensitive Web pages with the Session object.

TABLE OF CONTENTS:
  1. The JSP Files (part 6): State Of Grace
  2. Wasted, Dude!
  3. A Few Ground Rules
  4. Learning To Write...
  5. ...And Read
  6. What's In A Name?
  7. Plan B
  8. Session Dissection
  9. Access Denied
By: Vikram Vaswani and Harish Kamath, (c) Melonfire
March 26, 2001

Here's another simple example which demonstrates some of the methods above, and also illustrates how JSP sessions can be used to protect Web pages with sensitive information.

This example presents a form ("start.html") asking for your name, and takes you to a new page ("login.jsp") once you submit the form. "login.jsp" creates a session to store the name you entered, and offers a link to "rootshell.jsp", which is the sensitive file to be protected.

So long as the session is active, any attempt to access the page "rootshell.jsp" will succeed. On the flip side, if a session is not active, any attempt to access "rootshell.jsp" by bypassing the initial form will fail, and the user will be redirected to "start.html".

This is a relatively primitive example, but serves to demonstrate one of the more common uses of session variables.

All the redirection in this example is accomplished using the Response object (you remember this, don't you?)

<html>
<head>
<basefont face="Arial">
</head>
<body>
<!-- start.html -->
<form action="login.jsp" method="post">
<table>
<tr>
<td>Your name</td>
<td><input type="text" name="username"> <input type="Submit" value="Click me"></td>
</tr>
</table>
</form>
</body>
</html>

Once the form is submitted, "login.jsp" takes over.

<html>
<head>
<basefont face="Arial">
</head>
<body>
<%
// login.jsp

// get the form variable
String username = request.getParameter("username");

// create a session
// (putValue() is deprecated in later Servlet API versions in favour of setAttribute())
session.putValue("username", username);

// set a timeout period, in seconds
session.setMaxInactiveInterval(300);

// display a link to the protected file
out.println("Thank you for using this service.");
out.println("Click <a href=rootshell.jsp>here</a> for root access");
%>
</body>
</html>

And here's the top-secret page.

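<%
// rootshell.jsp

// get the username from the session
// (getValue() is deprecated in later Servlet API versions in favour of getAttribute())
String username = (String) session.getValue("username");

// if null, security breach!
// redirect before any output is written, then stop processing the page
if (username == null) {
    response.sendRedirect("start.html");
    return;
}

// the name came from a form field, so escape HTML metacharacters before printing it
String safeName = username.replace("&", "&amp;").replace("<", "&lt;")
                          .replace(">", "&gt;").replace("\"", "&quot;");

// display the protected page
%>
<html>
<head>
<basefont face="Arial">
</head>
<body>
Welcome to your root shell, <b><%= safeName %></b>!
<p>
Your session ID is <% out.println( session.getId() ); %>
<p>
This session will expire in <% out.println( session.getMaxInactiveInterval() ); %> seconds.
</body>
</html>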

To test this, first log in and find your way to "rootshell.jsp" - you should have no trouble accessing it. Then close the browser, start it up again, and try to get to "rootshell.jsp" without going through the login process; you should be automatically redirected to the login page.
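The same session check can be moved out of the page and into a servlet filter, shown here as an added example that is not code from the original article. It assumes the javax.servlet API; the class name SessionGateFilter, its mapping to "rootshell.jsp" in web.xml, and "start.html" sitting at the context root are assumptions. Unlike the implicit session object in a JSP, getSession(false) does not create a session for a visitor who has none, and the filter also turns away the empty name that a blank form submission would store.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: hypothetical filter, to be mapped to /rootshell.jsp in web.xml.
public class SessionGateFilter implements Filter {

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // false = look up an existing session only; never create one here
        HttpSession session = request.getSession(false);
        Object username = (session == null) ? null : session.getAttribute("username");

        // Reject a missing session, a missing attribute, and a blank name alike.
        if (!(username instanceof String) || ((String) username).trim().isEmpty()) {
            // No login recorded: send the browser back to the form and stop,
            // so the protected page is never executed for this request.
            // Assumption: start.html lives at the context root.
            response.sendRedirect(request.getContextPath() + "/start.html");
            return;
        }

        // Keep the protected page out of browser and proxy caches, so it
        // cannot be re-displayed from cache after the session has expired.
        response.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```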

And that's about it. You should now have a pretty clear idea of how JSP attempts to solve the "stateless protocol" problem, together with some understanding of how to create and use both client-side cookies and server-side sessions. Go practice!

 
 