Checking for a Valid Session

Authentication is only half of the solution. We must also add access control to each page in the application. Example 13-4 shows the main.jsp page as an example of a protected page. This page shows all messages for the projects of the user’s choice. It also has a form with which the user can change the list of projects of interest, along with links to a page for posting new messages and to log out.

Example 13-4. A protected JSP page (main.jsp)
<%@ page contentType="text/html" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
  
<%-- Verify that the user is logged in --%>
<c:if test="${validUser == null}">
  <jsp:forward page="login.jsp">
    <jsp:param name="origURL" value="${pageContext.request.requestURL}" />
    <jsp:param name="errorMsg" value="Please log in first." />
  </jsp:forward>
</c:if>

<html>
  <head>
    <title>Project Billboard</title>
  </head>
  <body bgcolor="white">

    <h1>Welcome ${fn:escapeXml(validUser.firstName)}</h1>

    Your profile currently shows you like information about the
    following checked-off projects. If you like to update your
    profile, make the appropriate changes below and click
    Update Profile.

    <form action="updateprofile.jsp" method="post">
      <c:forEach items="${validUser.projects}" var="current">
        <c:choose>
          <c:when test="${current == 'JSP'}">
            <c:set var="jspSelected" value="true" />
          </c:when>
          <c:when test="${current == 'Servlet'}">
            <c:set var="servletSelected" value="true" ...
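The same check can be enforced in one place, so that a protected page cannot be left open by forgetting the c:if block at its top. The servlet filter below is an added example, not code from the book: the class name ValidSessionFilter is hypothetical, and it assumes that validUser is stored in session scope and that the filter is mapped in web.xml to the protected pages only (not to login.jsp).

```java
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical filter (not from the book) that performs the same test as
// the <c:if test="${validUser == null}"> block at the top of main.jsp.
public class ValidSessionFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp";

    public void init(FilterConfig config) {
        // No configuration needed for this example.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // getSession(false) avoids creating a new, empty session for an
        // unauthenticated client just to discover that it has no user.
        HttpSession session = request.getSession(false);
        Object validUser = (session == null) ? null : session.getAttribute("validUser");

        if (validUser == null) {
            // Same parameters as the <jsp:param> elements in Example 13-4.
            // Parameters in a dispatcher path are added to the request's own.
            String target = LOGIN_PAGE
                + "?origURL=" + URLEncoder.encode(request.getRequestURL().toString(), "UTF-8")
                + "&errorMsg=" + URLEncoder.encode("Please log in first.", "UTF-8");
            request.getRequestDispatcher(target).forward(req, res);
            return; // never fall through to the protected page
        }

        // Valid session: continue to the requested page.
        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

Filters run only on client requests by default, so the forward to login.jsp does not pass back through this filter.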
