Try this:
1. Include a common JSP page (say like the company logo) in every other JSP
page (using tiles is perfect) that will check for a user object (say username
or user credential or something else) in session that is created only on Login.
2. If the object is not found, redirect to the login page.
There can be more streamlined versions of the same logic.
Thanks and Regards,
Thomas Joseph
Kott Software Pvt. Ltd. | Vallamattom Estate | M.G.Road | Cochin-682015 | India
www.kottsoftware.com
--------------------------------------------------------------------------------
This email (including any attachments) is subject to copyright, the information
in it is confidential, and it is legally privileged. Use of this email or of
any information in it other than by the addressee is unauthorized and unlawful.
If you are not the intended recipient of the mail, kindly intimate the author
of the mail and delete the same.
--------------------------------------------------------------------------------
It doesn't matter how you were, but rather how you are that decides your
future. A right attitude will get you to Success.
----- Original Message -----
From: Raghuveer
To: 'Thomas Joseph'
Cc: user@struts.apache.org
Sent: Monday, August 07, 2006 10:54 AM
Subject: RE: Browser History by HTTP-REFERER
Yes ,I am trying to restrict users only after login.
Like banking applications
-----Original Message-----
From: Thomas Joseph [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 05, 2006 9:53 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Re: Browser History by HTTP-REFERER
Can you please specify in more broad terms, what are you trying to do
(especially with the referrer code)? Are you trying to restrict user to
access pages only after login or something like that?
Thanks and Regards,
Thomas Joseph
Kott Software Pvt. Ltd. | Vallamattom Estate | M.G.Road | Cochin-682015 |
India
www.kottsoftware.com
----------------------------------------------------------------------------
--
This email (including any attachments) is subject to copyright, the
information in it is confidential, and it is legally privileged. Use of this
email or of any information in it other than by the addressee is
unauthorized and unlawful. If you are not the intended recipient of the
mail, kindly intimate the author of the mail and delete the same.
----------------------------------------------------------------------------
--
It doesn't matter how you were, but rather how you are that decides your
future. A right attitude will get you to Success.
----- Original Message -----
From: Raghuveer
In my Struts Web application
i need to restict the user accessing pages from Browser History.
When i access any page from Browser History i get
http-referer=null
So,
I am checking this by below code on Server side in All my execute method
in
Struts Action File .
if(request.getHeader("REFERER")==null){
throw new Exception("Invalid operation");
}
Is this Correct way of handling ?
