Java EE (Java Enterprise Edition) General Discussion

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Using a servlet without redirecting

843841Dec 22 2007 — edited Dec 22 2007

Hi

I have an isssue I have problems resolving. On a jsp application I have a folder /store/* where users/administrators may upload content (in this case mostly e-learning courses, but it could basically be anything). To be able to control access I want to add a security servlet

    <servlet-mapping>
        <servlet-name>SecurityServlet</servlet-name>
        <url-pattern>/store/*</url-pattern>
    </servlet-mapping>

Looking something like

public class SecurityServlet extends HttpServlet
{
	public void doGet (HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
	{
		if (!user is logged in and have valid access rights)
			res.sendRedirect("someErrorPage.jsp");
		else if (page is a jsp-page)
			res.sendRedirect("someErrorPage.jsp"); //mayor security issue otherwise
		else
			let the user get the requested content
	}
}

The problem is writing the else clause. If I do nothing I only get a blank page in the browser. If I redirect to the url of the request I get an infinite loop. So what are my other options?

Locked Post

New comments cannot be posted to this locked post.

Locked on Jan 19 2008

Added on Dec 22 2007

#java-servlet

4 comments

278 views