I need to prevent unauthorized users from accessing the application pages

Hi^^,
I have created an application in JSP and servlets. It has several pages like manager, supervisor, accountant. I need to prevent unauthorised users from accessing these pages. In other words I need to implement a filter. Anyone who types a URL other than that of the login page needs to be blocked. However I am not able to conceptualize the code that is going to be inside the doFilter() method. Please help.
Sincerely,
Prashant

Hi^^,
I admit that there were some mistakes in the previous posting. I have corrected the mistakes and now there is going to be no compile time error. However, when I put in the login id and the password it is redirecting me to the login page. I think that the front end jsp is directing the control to the controller servlet. But as "YOU" have pointed out in your previous post,
"by default requestDispatcher.forward(...) does not pass through the filter change. If the user requests the login page from their browser however, then they will still get the error message, which may not be appropriate."
I feel we need to somehow make the code pass through the requestDispatcher.forward(...) method of the servlet.
I am again posting the corrected code.
package com;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class SecurityFilter implements Filter {

  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws ServletException, IOException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    String X = req.getRequestURI();
    if (X.equals("http://localhost:8080/MyProject/LoginPage.jsp")) {
      // writing code for passing through the filter
      final class MyGenericFilter implements javax.servlet.Filter {
        public FilterConfig filterConfig;

        public void doFilter(final ServletRequest request, final ServletResponse response,
            FilterChain chain) throws java.io.IOException, javax.servlet.ServletException {
          chain.doFilter(request, response);
        }

        public void init(final FilterConfig filterConfig) {
          this.filterConfig = filterConfig;
        }

        public void destroy() {
        }
      }
    } else {
      HttpSession session = req.getSession();
      String username = (String) session.getAttribute("username");
      if (null == username) {
        request.setAttribute("Error", "Session has ended. Please login");
        RequestDispatcher rd = request.getRequestDispatcher("Login.jsp");
        rd.forward(request, response);
        chain.doFilter(request, response);
      } else {
        RequestDispatcher rd = request.getRequestDispatcher("X");
        rd.forward(request, response);
      }
    }
  }

  public void init(final FilterConfig filterConfig) throws ServletException {
  }

  public void destroy() {
  }
}
  Edited by: pksingh79 on Aug 12, 2008 5:23 AM
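
For comparison with the filter posted above, a login-check filter that lets the login page through and blocks every other URL without a logged-in session. This is an added example, not code from the thread; the class name LoginRequiredFilter and the /login URL for the controller servlet are assumptions, while LoginPage.jsp and the "username" session attribute are taken from the post.

```java
package com;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Map it to /* in web.xml; with the default REQUEST dispatcher
// type it runs on browser requests only, not on RequestDispatcher.forward().
public class LoginRequiredFilter implements Filter {

  // Assumed public paths, relative to the context root: the login JSP from the
  // post and a hypothetical /login URL for the controller servlet.
  private static final Set<String> PUBLIC_PATHS =
      new HashSet<String>(Arrays.asList("/LoginPage.jsp", "/login"));

  public void init(FilterConfig filterConfig) throws ServletException {
  }

  // Exact-match allow-list: anything not listed is treated as protected.
  static boolean isPublic(String path) {
    return PUBLIC_PATHS.contains(path);
  }

  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;

    // Use the path the container resolved for dispatch. getRequestURI() is the
    // raw, undecoded path (it starts with the context path and may carry
    // ";jsessionid=..."), and it never contains the scheme, host or port.
    String path = req.getServletPath();
    if (req.getPathInfo() != null) {
      path += req.getPathInfo();
    }

    if (isPublic(path)) {
      chain.doFilter(request, response); // login page and login servlet pass through
      return;
    }

    // getSession(false): do not create a session for an anonymous request.
    HttpSession session = req.getSession(false);
    Object username = (session == null) ? null : session.getAttribute("username");

    if (username == null) {
      // Not logged in: send the browser to the login page and stop here.
      res.sendRedirect(req.getContextPath() + "/LoginPage.jsp");
      return;
    }

    // Logged in: continue to the resource that was requested. No forward is
    // needed; chain.doFilter() already leads to the original target.
    chain.doFilter(request, response);
  }

  public void destroy() {
  }
}
```

Static resources the login page needs (CSS, images) would have to be added to the allow-list, and per-role checks for the manager, supervisor and accountant pages would go after the login check.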

Similar Messages

  • Is there a way to prevent AD users from accessing the VPN?

    I have ASA 5510's that authenticate users to the Active Directory. Is there a way to prevent users, even though they are validated through the AD, from being able to establish a VPN connection?

    Haven't tested this lately, but with the ipsec client, you used to be able to go to an AD user's "dial-in" tab, and there was a check box there for "allow remote access" or something like that. If this was checked, they could authenticate via IAS, if not, they couldn't. This allowed only selected users within AD to use the VPN. Not sure if this is still the case, but it's a start...

  • Prevent a user from accessing Cube Navigator

    Is it possible to prevent a user from accessing the cube navigator in Analyzer so the user can only view reports that are setup? thanks

    In Analyzer 6.2, there are some 'behind the scenes' parameters that can be added to suppress menu items. If you are currently using Analyzer 6.2, try adding the following parameter to your applet tag:
    <PARAM NAME = HideNav VALUE ="True">
    Note: this will hide the Navigate button for all users accessing the page.

  • How to prevent multiple users from updating the same data in coherence

    Hi,
    I have a Java Web Application and for data cache am using coherence 3.5. The same data maybe shared by multiple users which maybe in hundreds. Now how do I prevent multiple users from updating the same data in coherence i.e. is there something in coherence that will only allow one user a time to update. If one user is in a process of updating a data in coherence and some other user also tries to update then the second user should get an error.
    Thanks

    I have a question on the same line. How can I restrict someone from updating a cache value when a process is already working on it? I tried locking the cache key but it does not stop other processes from updating it, it only does not allow other processes to get a lock on it.

  • Prevent a user from changing the Project ID in P6 EPPM 8.3.7

    Does anyone know if there is a Global or Project Security Profile privilege that will prevent a user from changing the Project ID on an existing Project?  We are using Primavera P6 EPPM 8.3.7
    Thank you,
    Eric

    Hi,
    Below project security profile may help you,
    Edit Project Details Except Costs/Financials
    Determines whether the profile will enable users to edit fields in General, Dates, Defaults, Resources, and Settings tabs in Project Details. To assign a project baselines, users must also have the "Assign Project Baselines" project privilege assigned to their profile.
    Regards,
    Marcos

  • Is there a way to prevent a user from using the graph cursor legend to delete a cursor?

    I would like to have 2 cursors on a graph that can't be deleted by the user.

    Hi Dennis,
    I'm having this problem as well, and found your post. Are you referring to the Enabled State of the entire graph?  If so, this prevents the user from moving the cursor at all while the VI is running, which, of course, defeats the purpose of having a cursor at all.  Ideally, I would like to show the cursor palette and disable its run-time shortcut menu.  This doesn't appear to be possible.   One workaround would be to hide the palette and instead include some indicators that show the cursors' values.  I'd prefer to show the palette to keep the program simpler.
    Any other solutions?
    Thanks,
    Alan
    Alan Blankman, Technical Product Marketing Manager and LabVIEW Developer
    LeCroy Corporation
    800-553-2769 x 4412
    http://www.lecroy.com

  • GPO to prevent users from accessing the root folder of their profile doesn't work

    Hi,
    Here's the scenario:
    In a Windows 2012 RDS I created two groups called RemoteApp users and remote desktop users.
    These groups are defined in the collection for the corresponding RD Session hosts.
    These groups are not included in any other group, but they are located under an OU -called  Remote Users.
    In the domain controller I have created a GPO named "Restrict access to root drive"  which is linked to the Remote Users OU.
    The GPO I selected is - "Prevent users from adding files to the root of their users files folder"
    This doesn't seem to work. I have waited more than a few hours to allow the 90 minutes update, plus used the gpupdate /force
    but when a user clicks on the RemoteApp (Excel in this example) then access to the C: drive (which is the root folder of the user's profile) is enabled, and the user can create folders and save files under C:.
    I tried to run gpresult for the specific user but the GPO I created wasn't mentioned.
    I thought this would be a straight forward mechanism, but somehow it looks like something is missing.
    I have read about loopback and expanding, but not sure if this is what needs to be done, and if yes - I'd appreciate if I can get  step by step instructions. Everything I found so far was VERY vague.
    Thanks !
    One more detail that may be relevant - the DC is a Windows Server 2012, and the session host is a Windows 2012 R2.

    > These groups are not included in any other group, but they are located
    > under an OU -called  Remote Users.
    >
    > In the domain controller I have created a GPO named "Restrict access to
    > root drive"  which is linked to the Remote Users OU.
    >
    The USER accounts need to be in the OU your GPO is linked to. Despite
    their name, GPOs do NOT apply to groups, but to users (and computers).
    Groups only provide an additional layer of filtering...
    Martin
    How about reading a GOOD book on GPOs for once?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Is there a configuration option to prevent an unprivileged user from accessing the firefox profile manager and/or firefox safe mode?

    I'm designing a locked-down Firefox user profile for use on public computers (common room in an apartment building). I can use existing plugins and add-ons to prevent access to about:config and to lock down the various firefox preferences but this is moot if a user can still access the firefox profile manager or can start firefox in safe mode. Is there any configuration setting that could prevent this?

    Hi...
    Reinstalled 10.7.3 from the Combo Updater from apples website.
    The only way to reinstall the Mac OS X or repair the startup disk running v10.7.3 Lion, is to use Lion Recovery The combo update does not do that.
    How much free space on the startup disk? Not enough free space can account for the problems with your apps.
    Right or control click the MacintoshHD icon. Click Get Info. In the Get Info window you will see Capacity and Available. Make sure there's a minimum of 15% free disk space.
    and no web-pages will load.
    Try using OpenDNS as suggested here >  Safari 5.0.1 or later: Slow or partial webpage loading, or webpage cannot be found
    Use OpenDNS for better speed, more security, includes anti phishing filters, prevents browser redirects, and it's free.
    Open System Preferences / Preferences then select the Network tab. Click the Advanced tab then click the DNS tab.
    Click +
    Enter these addresses exactly as you see them here.
    208.67.222.222
    Click +
    208.67.220.220
    Then click OK.
    edited by:  cs

  • Prevent multiple users from accessing a list item at the same

    Hi,
    I have a scenario where, if a list item is opened (in edit mode) by one user, no other user should able to access it. I mean to checkin/checkout kind of thing which is not possible with sharepoint lists.
    One thing that I have done through infopath 2010, by setting a rule on form load. On form load, set a field's value Assigned To to Current User and then submit data. In case I am getting value of Assigned To getting stored in the list as a new record
    along with all the values from previous fields.
    I want to update the same record not the duplicate record.
    Please suggest a solution for it. 

    Hi
    add a new column to your list COL_EDITING( type yes, no )
    Default value : NO
    Customize your editform.aspx attached to your form, when it open
    A. analyze if COL_EDITING=NO
    If it isn't, alert an error message (the item is in edit mode by another user), and close the page
    if it is --->
    B to fill COL_EDITING=YES
    and next permit user to fill the fields in the form
    Also
    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

  • Obiee11g upgrade: Preventing authenticated-user from accessing obiee system

    HI Gurus,
    We have a problem regarding security and request your inputs. Please see the issue below:
    Current Situation:
    We have successfully integrated OBIEE11g with our enterprise MS Active DIrectory. With the current set up, any user in the company will be successfully authenticated by MSAD and he/she is able to login to obiee and reach the new bieehome page. I want to prevent this.
    Expected:
    Only users who belong to certain AD Groups should be able to access obiee
    How do I prevent this? In our MSAD we have AD groups built to identify OBIEE users. These ad Groups are pre-fixed with OBIEE_ (Ex: OBIEE_Marketing etc). Only the users belong to these groups should be allowed to login.
    In 10g, we made use of privileges to explicitly grant access to obiee. We made use of privileges like 'Access to Dashboard' etc. As a result, even if a user is successfully authenticated by LDAP MSAD , he wont be able to reach obiee dashboards if he is not a member of designated GROUP. In 11g, since there is a new page called 'BIEE HOME', non-authorized users are able to reach this page.
    Any help would be highly appreciated
    --Joe

    I have created an SR with Oracle and as per the responses I got, it looks like this is an issue as there is no way to restrict access to bieehome page.
    Anyone has any workarounds? This is really holding up our 11g release
    --Joe

  • We are using version 3.6 on several machines. Is there a way to restrict users from accessing the about:config page?

    Prevent users from making modifications to the about:config page?

    You can do this with the [https://addons.mozilla.org/en-US/firefox/addon/3911/ Public Fox] add-on.
    It can be used to password protect access to about:config. To prevent the user from disabling/uninstalling the add-on, it also allows you to password protect the add-ons manager. You can also lock down other parts of Firefox such as the options dialog and clear history.

  • Prevent user from closing the applications

    Hello,
    we would like to deploy to our users web application using Internet Explorer which is published over RemoteApps. Because this application takes long time to load we would like to prevent user from closing application. So we would like that session and application
    stays opened when the user clicks on close button on Internet Explorer that is published over RemoteApps.
    In other words, we would like to disconnect client from RemoteApp session, but stay logged in and keep the application running in the background.
    Is this possible to do?
    Thank you!
    Best wishes,
    Marko

    Hello,
    thank you all for your answer. I guess this is not a good news. Any other idea how to solve this problem - to start Internet Explorer web application as soon as possible.
    Last week I found a VB script on one forum that would close the RemoteApp Windows without closing the application on server but I can't find it today. Does anybody know something about this script?
    Thank you!
    Best wishes,
    Marko

  • Can I prevent a user from Deleting the Group Policy deployed power plan?

    I have Power Manager version 3.20 installed and am using the Group Policy template to deploy a customized power plan.  I do not want my users to have the ability to delete this custom plan, but I cannot find the option in the Group Policy to change the setting that would grey-out the Delete button in Power Manager.
    I have located the registry value that changes the function of Power Manager, it is: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenovo\PWRMGRV\PowerSchemes\42617646-BC99-48E2-B3AF-C562C25F4098\ProhibitModification.  If the value is 0, then the delete button is available.  If the value is 5, then the delete button is greyed-out.
    The problem is that the Power Plan ID number (the 42617646-BC99... part in the reg key above) changes from computer to computer.  That ID string seems to be tied somehow to the specific computer.  So, I cannot just create a Group Policy Preference to change that value in the registry, because that value is always going to have a different name.
    The computers are all ThinkPad T400 model and are running Windows 7 Enterprise 64-bit.
    Can anyone suggest a different method to change this setting?  If not, is there any chance that the Power Manager application can be upgraded to include this control?
    Thank you!

    welcome to the forum!
    to add to what gan said, page 6 of the power manager deployment guide covers this policy over active directory.
    http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=TVAN-ADMIN#pmat
    http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-70419
    ThinkStation C20
    ThinkPad X1C · X220 · X60T · s30 · 600

  • Preventing the logged in user from accessing the site

    Hi,
    wanted to know if it is possible that a user who has already logged in can be prevented from logging in if the user opens a new browser window (IE or Netscape)...on the same machine as well as from different machine.
    If there are any programs or guidelines available on this...please let me know.
    thanks in advance
    rinkub

    If the user tries to log in the second time on the same machine (with the same type browser) they will have the same "session" as the first time they logged in.
    So, you could check something in the session and not allow the second logon.
    In the other case, you will need to keep the users logon information some place (like a database) and check to see if they are already logged on.

  • How do you prevent a user from using the playback bar to skip questions?

    Hi,
    I am fairly new to Captivate and I had a question regarding the quiz feature in Cap4. I have some users testing the module for me and they are able to skip questions. I have done the following: 1. Made the quiz required 2. removed the review buttons.
    Is there something I am doing wrong?
    Shal

    Hello,
    You could hide the playbar, since it is not really needed for Question slides: on entering the first question slide you assign the value 0 to the system variable cpCmndShowPlaybar, and when you want to show it again, assign the value 1.
    Lilybiri
