Reputation: 21
restricting a user's direct access to JSP
I have trouble with restricting user access to some pages. I send an ajax request to servlet. In ajax success I want to redirect a page to another page based on condition. But i set a servlet constraint in web xml, so redirection results in error with 403 code. response.sendredirect also does't work as it is an ajax request.
Any ideas? please, help me to do this redirection with relevant restrictions.
Upvotes: 2
Views: 396
Answers (1)
Reputation: 1552
There is a very easy solution for your problem.
That's to put the jsp files(which you don't want to be accessed by users directly) inside WEB-INF folder. The reason? Well,everything inside WEB-INF folder is by default private members of the whole application. That means that, these files can only be accessed by programs i.e. servlets.
So if any user try to directly access the jsp pages, he/she will get "Http 404" error.
In this way you may restrict user access to specific files.
Upvotes: 1
Related Questions
- How can I handle/restrict user-access to servlets & jsp's?
- Restrict JSP/Servlet access to specific users only
- How to disable direct access to jsp pages?
- How to protect my jsp page from direct access
- Denying direct access to jsp pages
- How to restrict access to a Servlet via browser
- JSP deny direct access to URL by non-logged in user
- Prevent users from accessing .jsp except by forwarding
- prevent from a user to access directly to a jsp file
- Using Filters to Restrict JSP Access?