I have a web application(J2EE+apache+struts2+jsp+jqgrid) and some JSPs(in /webcontent/data_provider folder) that jQGrid uses them to fetch data from mysql DB and fill the grid with, but I don't want users to access those JSPs.
What can I do?
Thanks in advance buddies.
put those JSP into WEB-INF or create a filter that particular URL gets hit and check if user is authenticated to access it allow, restrict otherwise
Related
i am doing mvc project and i want to update the web page automatically when the web page is loaded.
Ex: web page 1 is used to add the companies in database,web page 2 is used to delete the companies,when the web page 2 is loaded automatically in the web page 2 select box should appear with the values as company names to delete the companies from database.
i am expecting to use ajax here to automatically load the data but problem is to fetch the data from database i am using java class instead of jsp or servlet,so i am not understanding how to fetch the data from java class and use to load automatically in web page 2 for the select box.
Please help me on the same.
In this scenario, you have to use servlet, with which ajax will interact to fetch the values on page2. In servlet, you can call you java class to make database connection. Hope it helps!
My problem is that I have 2 jsp files in my project: login.jsp and adminpanel.jsp.
My aim is to show the user the login.jsp template and let him log in via a form inside it.
After login, I want my app to show adminpanel.jsp and this is my problem that I can still access it by just writing url .../adminpanel.jsp.
How can I disable this option? It just makes no sense to login if you can reach adminpanel.jsp so easily.
what you need to do is set a session variable when user logs in via login.jsp ie only if both username and password is correct .
after that on all other pages ( including adminpanel.jsp ) check if the session variable exist. If yes allow user to view the page , else redirect to login page.
Also check http_redirect or url rewritting by which you can mask original url.
Check links below for more info
http://www.jsptut.com/sessions.jsp
http://www.javatpoint.com/url-rewriting-in-session-tracking
First, your authentication should be handled by a servlet (essentially your controller class). Second all views that should not be directly accessed like in your case ought to be placed inside your WEB-INF folder, forcing your application to call the appropriate controller class. It is here where you force redirects or forwards based on your business logic and session /cookie management.
I'm looking for a way within Spring MVC to put my JSP pages in a remote machine and load them when I need them.
The reason I wanna do this is because my application received some page templates from users and I have to save them somewhere and load them dynamically when that page get requested! I was thinking if I want to put my users' JSPs pages inside my web-app on real time, It's not possible so I have two choice :
1) save it in a remote place and get reference to it while a request comes in
2) save them inside database which I think that's not good because the user page may have so many visitors ...
What solution you suggest ?
Using unix? Maybe you could mount the remote server and create a symbolic link to WEB-INF/jsp directory to point to the remote mount.
How to select a start up page of tomcat 7 webapp?
There is mainly two page in my webapp and I want to select based on domain name. for example
if admin.foo.com show admin.jsp
if user.foo.com show user.jsp
and if foo.com show index.jsp
You have to build this logic into a filter or a servlet in your webapplication. Basically, what you would do is to use HttpServletRequest.getRequestURL() to parse out the subomain of the request, and then redirect your visitor to the appropriate page.
You could create a redirection-servlet, and use HttpServletRequest#getRequestURL() to distinguish between the URLs requested by the user and redirect based on that.
When the user accesses the servlet, respond with the appropriate .jsp-file based on the domain used.
In my web application I want to create a web-page accessible only to me. Through that page I want to upload photos and other data to my web-app/website. What should I do so that a particular web-page is accessible only to me ?
One way which I think is, reaching that web-page (the page from where I will upload) through another web-page that needs password authentication. But is this the only way and is it a good method ? The authentication will be through a servlet,in case I opt this method .
If you could password protect it, You would only the person who can access that page,
To stop attacks you could also make that page orphan and put it at some weird path so that only you know the path to that page
put Filter specific to that page to check for authenticated session
hash+salt your client name or some unique long number. check it on the server side.
make your app your password and credentials.