I am somewhat new to jsp and I am working on creating a password protected site. So far I have been using the session object to secure HTML files. Each page on the secure site first looks to see if the "userName" attribute of the session object has been set before displaying anything. An example is shown below:
Welcome.jsp
<!--This page is called after the user
has been authenticated and userName
attribute of the session has been set.
--- >
<% if ( session.getValue("userName") == null) { %>
<% // User not authenticated redirect to login page %>
<% } else {%>
<!--This is an authorized user --- >
<HTML>
<B> Welcome <%= session.getValue("userName")%>
<!--- all the other stuff -->
</ HTML>
<% } %>
My question is this:
My secure pages have links to pictures and word documents. How do I prevent an unauthorized user from loading these pictures or documents using the exact path to them. Eg. if my pictures are in /images/mypic.jpg how do I prevent someone from accessing them via:
Welcome.jsp
<!--This page is called after the user
has been authenticated and userName
attribute of the session has been set.
--- >
<% if ( session.getValue("userName") == null) { %>
<% // User not authenticated redirect to login page %>
<% } else {%>
<!--This is an authorized user --- >
<HTML>
<B> Welcome <%= session.getValue("userName")%>
<!--- all the other stuff -->
</ HTML>
<% } %>
My question is this:
My secure pages have links to pictures and word documents. How do I prevent an unauthorized user from loading these pictures or documents using the exact path to them. Eg. if my pictures are in /images/mypic.jpg how do I prevent someone from accessing them via: