O'Reilly logo

JavaServer Pages, Second Edition by Hans Bergsten

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Access Control Using a Filter

The Project Billboard application uses application-controlled authentication and access control to ensure that only registered users can use the application. As discussed in Chapter 12, your first choice should be to use container-controlled authentication and access control, but let’s assume that, in this case, there are valid reasons for going at it on our own.

Not all requests require a user to be logged in. For instance, if the login form and authentication request are protected, you’re faced with a Catch 22; it’s impossible to log in because you have to be logged in to load the login form. It’s also reasonable to accept a log-out request from a user who isn’t logged in; the session that contains the authentication information may have timed out before the user tries to log out.

You can use the URI path to distinguish between requests that need access control and those that don’t. In this application, all requests that need access control include the /protected path element, as shown in Table 18-1.

Table 18-1. Project Billboard context-relative URI paths

Context-relative path

Resource

/ch18/login.jsp

The login JSP page

/ch18/protected/main.jsp

The main JSP page

/ch18/protected/enterMsg.jsp

The message entry form JSP page

/ch18/authenticate.do

The authenticate action

/ch18/logout.do

The logout action

/ch18/protected/storeMsg.do

The action for storing a new message

/ch18/protected/updateProfile.do

The action for ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required