Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how to create a web page with restriced access ?

Status
Not open for further replies.
tyris

tyris

Programmer
Nov 2, 2000
311
0
0
FR
hi all,
i've made a full web app with jsp and servlet. this will be used by the users under windows NT/windows 2000 and IE. the jsp "talks" with the servlet, and the servlet makes sql queries to a distant MS sql server 7.

i do have a database of users, only those users can access to the tables i use in my sql queries.

i'd like to make this : only the person that have a login matching with the one in the database will be able to access to my web app. the others will get a message like : "you are not alowed to access to this page" in the browser.

i've been told that there is no way to deal with NT challenge/response (integrated authentication).

so is there an other way to do this ?

Best regards X-),
Elise
 
Sort by date Sort by votes
You can't restrict access to pages, only to directories. John Fill
1c.bmp


ivfmd@mail.md
 
Upvote 0 Downvote
You could use cookies and a hash generated individually for each login (and then carried on in the database and in the client page) and then counterchecked every time you load a new page - leading to a redirect if the authentification fails.
We're working on something like that, actually, but we use EJBs for the authentification as well as any DB access. We restricted access from the JSPs to one Bean and implemented the security check there, all other Beans are only accessed from the first one. It gets pretty complicated though - we're working on the security system now for about 3 months, maybe you'll want to choose an easier approach... allow thyself to be the spark that lights the fire
 
Upvote 0 Downvote
Hi,
Why don't u, at login, create a user object in your loginServlet. this would store username and password. this can be stored in the users session. every time a request reachs your servlets, u can varify that this login is/still is valid, if not, re-direct to an error page.

Another alternative would be to create a security manager that would maintain list of logged in users. varify the username passowrd against this list before executing a request?? again store these variables in the session
 
Upvote 0 Downvote
well in fact we want that the login process is transparent for users. that's why i looked for NT integrated authentication.. but it seems not to be possible. Best regards X-),
Elise
 
Upvote 0 Downvote
it is possible to determine the user using some windows api calls. u would have to write some native code and leave it in a dll somewhere on the machine.

having said that, you would then need a client side application to call/read that. remember all servlets are executed on the server. while the nt solution is possible, i wouldn't recommend it at all. ur better off using the standard boring login web page.

hope this is of some help :)
 
Upvote 0 Downvote
yes it seems that the NT solution is worse :eek:) well i gonna see later for possible solutions, thanks. (i know that they gonna use single sign on software soon, it could give a new solution) Best regards X-),
Elise
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sarfaraz_sk
  • Question
Help in Java Interview with Blackrock for next month
Replies
1
Views
121
sarfaraz_sk
sarfaraz_sk
busy_bee
  • Locked
  • Question
Cannot import a package
Replies
0
Views
51
busy_bee
busy_bee
busy_bee
  • Locked
  • Question
CrudRepository and second order SQL injection
Replies
0
Views
66
busy_bee
busy_bee
csphard
  • Locked
  • Question
Struts question: Problem changing the action and submitting the page using javacript
Replies
1
Views
69
csphard
csphard
beatot23
  • Locked
  • Question
The map in my form is not being passed to the controller
Replies
0
Views
63
beatot23
beatot23

Part and Inventory Search

Sponsor

Back
Top