Prevent user from accesing a page, if not logged in.

I have a html page which does a POST to a servlet with userid and password. After the servlet authenticates the information against a db, I store the user object in the session.
HttpSession session = request.getSession(true);
session.setAttribute("user", globalUser);
Then I use
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("welcome.jsp");
dispatcher.forward(request,response);
to show the welcome page.
In the Welcome page,
<jsp:useBean id="user" class="com.sbali.mydb.objects.User" scope="session"/>
<TABLE BORDER=1 ALIGN="CENTER">
<TR><TD>First Name</TD>
<TD><jsp:getProperty name="user" property="firstName"/>
</TD></TR>
I display the user info.
The problem is, how do I prevent the user from accessing welcome.jsp directly. If I hit it directly, the server instantiates the bean and now I have a User object with no property set.
I could write a scriptlet, but then I have to put the code to show the properties using out.println() instead of using xml syntax. I want to try and keep the presentation layer separate from the logic.
I am new to JSP, so I am most probably not doing things the right way.
TIA
S Bali

This is what i have:
authorize.jsp
String user = (String)session.getValue("globalUser")
if(user == null)
response.sendRedirect("login.jsp")
and then in every other jsp file (besides login) I have:
<%@ include fiile="authorize.jsp" %>
at the top (just have the page tag.

Similar Messages

  • Is it possible to prevent users from viewing a page in Edit Mode?

    Hello everyone,
    I would like to know if it is possible to prevent users from accessing a portal page in Edit Mode. Currently, the users do not have access to any links that take them to edit mode, but if they add &_mode=16 to the end, they view the page in edit mode. Granted, they don't have permissions to add or edit content, but I would like to keep them from seeing this.
    I am using 9.0.4.1
    Any help or suggestions would be greatly appreciated!
    Jim

    hi jim,
    you cannot really configure this in portal. if somebody manually appends &_mode=16 we display the default edit mode, but fully enforce security. this means that the user cannot see anything he is not allowed to see: like pending items, hidden, expired or deleted items. as you said he also cannot add, edit or delete any items.
    regards,
    christian

  • How do I prevent users from caching their sign in credentials on OWA page

    I am using Forms based authentication and want to prevent users from caching their credentials on the OWA page.
    Is there an easy way?

    Hi,
    Forms-based authentication enables a sign-in page for Outlook Web App that uses a cookie to store a user's encrypted sign-in credentials in the Internet browser. So this authentication method will force to cache their credentials in the Internet
    browser for some time. The workaround is what Willard Martin suggested.
    Refer from
    http://technet.microsoft.com/en-us/library/bb430796(v=exchg.141).aspx
    Best Regards.

  • Prevent user from reversing GR if IR has not been reversed.

    Is there any system message I can put in configuration to Prevent user from reversing GR if IR has not been reversed.
    Other than checking the GR-based IV indicator, is there any alternatives?

    Hi Clarice,
    Below path you can find necessary customizing for your case;
    MM>Inventory management and Physical inventory>Goods receipt - For GR-Based IV , Reversal of GR Despite Invoice 
    Kind regards

  • Prevent user from download my PDF file on JSP page

    I'm developing a web application using JSP, html, and javascript. I would like to prevent user from download my PDF file and only able to open on browser and read.
    How can i do that?
    Thanks!

    opening and reading involves a download.
    So i dont think you cant prevent that.

  • How to prevent users from running PRC: Transaction Import from WebADI form?

    Hi,
    We are 12.1.3 and trying to create a workflow to approve Project transactions coming through web ADI before they become effective. To this end, we want to prevent users from running the PRC: Transaction Import from the Web ADI.
    I know that if the checkbox Automatically run transaction import is not checked, the program does not run. But we want to hide this checkbox and not allow the possibility that the program could get triggered.
    To this end, we updated the BNE_INTEGRATORS_B with source='C'. This allows you to edit the integrator from Desktop Integration Manager.
    UPDATE BNE_INTEGRATORS_B SET SOURCE ='C' WHERE  INTEGRATOR_CODE ='PAXTTRXB'
    In the 4th step, where the value for Uploader Parameters is set, we have set boolean value to No. These are the fields on the page:
    Parameter Name: bne:import
    Display Name: Start Transaction Upload
    Data Type: Boolean
    Category: Field
    Default Value: Boolean Flag: No
    Description: start Transaction Import Concurrent Request
    Display Options: Displayed: Unchecked
    Display Options: Enabled: Checked
    Display Options: Required: Checked
    Prompt Left: Automatically submit Transaction import
    Display Type: Check Box
    Maximun Size: 100
    Display Size:100
    Now the checkbox is not appearing for the user to check it, But the program is automatically running when you hit Upload in the WebADI. 

    Hi ,
    Try removing the PRC: Transaction Import Program from the request group for the responsibility used by customers to submit the WebADI and then check if the program launches.
    Regards,
    Raghavan

  • How to prevent user from "normal" navigation?

    Hi everyone,
    I have a PDF with a lot of pages, which are connect through Links (It's an export from MS Visio).
    I now want all the users to keep navigating through the links and prevent accidental navigation through the "normal" way (Arrow-Keys, Mouse-Scroll, etcs...) as much as possible.
    For this I have three ideas:
    "Force" Fullscreenmode: Here I can prevent from advancing in pages by clickAdvances=false. However I think it's not possible to prevent page changes by mouse-scroll or key-press.
    Using Layers: I have read, that it is possible to show/hide layers on demand with js. But I don't know how this can be done. And I would have to change the links to js-function showing the needed layer...
    Loading/Deleting Pages: I could load and delete Pages on demand. This is probably slow and i would need two pdf files.
    Does anyone knows something that could help me to solve this problem?
    Cheers, Holger.

    1. Not possible (except if the additional method described below is used).
    2. This is possible, but it requires setting up the layers and then a system of buttons and scripts to show/hide them.
    3. Also possible, but much more complicated than using layers.
    Another option is to use a script to prevent the user from entering a page, unless its done via a button.
    However, all of these methods have their disadvantages and can be very annoying for the users. You should really think if you want to implement this feature...

  • Prevent user from update view  object

    Hi all is there is any way to prevent user from update view object at runtime, but if he have a privilege to Update he can update.
    i put all user privilege in a variable in session, but how to use it to prevent user from update .
    or ho w to make updateable view just for create or insert data not update it;
    thnx in advise

    Hi Mohammed,
    > tow view object bad way it means to page (as i think project 50 page mean to create 100 page )??
    Untill the Question is clear Answer will not be clear U never mentioned the Quantum of Pages u gng to work in POST....
    > disable commit button but if user have privilege to insert a new record ??
    Did u think this statement means something.. A user who has no privilege to commit the data wht is the purpose of giving privilege to add the data?????????
    > if i disable table or form and user try to create new record is new fields will be enabled or will be as previous row.
    This too i cant understand?? the user doesnt have access why should he need to create row.. u can disable the Create button too.....
    > by the way is there is any way to catch Sql Statement that will be committed when user press commit .
    While user press commit and u gng to call the ApplicationModule Commit so u can have a hold on doDML() method of the corresponding entity else if u gng to insert though a procedure or function
    U can restrict the same before u calling the same.......
    Regards,
    Suganth.G

  • Prevent user from navigating to a specific slide

    How can I prevent user from navigating to a specific slide? In my course, I’ve added two slides at the very end (one slide is a Resources page and the other slide is a glossary).
    I’ve added two buttons on all of the course’s slides, which brings the user to the glossary or resources page when they click on it. This should be the only way they can access these two slides.
    I don't know how I can configure the course navigation bar so that the user can't access these two slides when they advance to the end of the course. I'm essentially looking for a way to "hide" these two slides so that the user can only access them by clicking the Glossary or Resources buttons. 
    Any suggestions?

    You want to keep playbar? It will not be possible then because scrubbing
    the progress bar can always get them to any slide. For buttons it could be
    done,  easiest way is with custom navigation buttons but first have to know
    about that.

  • Hi All, We are in to Release 11.5.10.2.There is a specific requirement to Prevent users from creating Manual Sales Orders in oracle and yet users should be able to book the Sales Orders Imported from CRM system into Orcale.Please advise.

    Hi All, We are in to Release 11.5.10.2.There is a specific requirement to Prevent users from creating Manual Sales Orders in Oracle and  yet users should be able to book the Sales Orders Imported from CRM system into Orcale.Please advise.

    Thanks for your advise.
    However, I missed to mention that we have two set of users  One is for Finished Goods and another for Spares.
    Only Spares users need to be prevented from creating Direct/Manual Sales Orders in Oracle.
    As you suggested, if this will be done at Form level, that may Disallow FG users also to create Manula Sales Orders which should not be the case.
    Further, I tried to test one scenario through Processing Constraints but it did not work.
    Application
    OM
    Validation Type
    Entity
    Temp
    Short Name
    TBL
    Validation Semantics
    Created By
    Equal To
    User(Myself)
    Processing Cosntraint
    Application
    OM
    Entity
    Order Header
    Constraint
    Operation
    User Action
    Create
    Not Allowed
    Conditions
    Group
    Scope
    Validation Entity
    Record Set
    Validation Template
    101
    Any
    Order Header
    Order
    Above Created
    Please advise.

  • How do I prevent users from being able to update Firmware

    I have several users (14) with iPad 2 and they rely on an in-house developed App. we have yet to test this App on iOS 5.1 and therefore want to avoid any of the users updating the iPads at all cost!
    this question is in two parts:
    How can I prevent users from upgrading firmware themselves short of just asking nicely?
    How can I stop the iPad from automatically downloading the Upgrade when I deploy a Policy using the iPhone Configuration Utility?
    Any advice would be great!

    We've been looking at the AirWatch mdm and have been told it has this capability.  Not sure if it would be justified from an economic standpoint for you, however. 

  • How to prevent users from saving and emailing intranet documents externally

    Someone in our company needs to upload a pdf to our sharepoint intranet site for internal-only use. How can I prevent users from downloading it and emailing it externally?
    I mean, a user could screenshot it I guess, but I need to give management a due diligence answer.

    You would need to look into a reverse proxy/firewall that had the ability to block access based on content. This isn't something you can accomplish out of the box with SharePoint (even with AD RMS).
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • How can SAP be configured to prevent users from consuming locks?

    How can SAP be configured to prevent users from consuming locks?
    The issue is that we want to prevent users to use upto maximum locks and so that we will not get lock table overflow issue. I know that we can assign parameter "enque/table_size" a good amount of value. But it is not for any specific user.
    Also want to alert in CCMS if any user reaches to its maximum speficified limit of locks.
    Thanks
    Gopesh

    You cannot set a limit of locks per user. There are two ways to reduce/control the number of locks:
    - change fewer records within one transaction
    - cover more records with one lock using wildcards
    Basically it is an application / development issue.
    Best regards, Michael

  • To prevent user from droping any object from a sepacific schema

    Dear User
    I have a database user like "aaa" in oracle 7.3.4.0.1 database.i do not want user "aaa" to drop his own schema objects like table and any other objects that he is owner.Do i have any system privilege to stop this user from doing so.User should be able to create objects and modify object but not to drop any object.For this purpose i have created a database trigger at database level to stop user "aaa" for doing above action.this trigger is giving me error on creation in oracle 7.3.4.0.1 .But when i tried same trigger in oracle 8i and 9i it work well.In oracle 8i and 9i it is preventing user from droping his own objects but i get other errors also along with raised error in trigger which i want to stop .The error which i am raising in trigger is
    ORA-20001 INVALID COMMAND BUT OTHER TWO ERRORS THAT R RAISED AUTOMATICALLY ARE
    ORA-00604 ERROR OCCURED AT RECURSIVE SQL LEVEL 1
    AND
    ORA-06512 AT LINE 8
    I WANT TO STOP THESE TWO ERRORS .
    PLZ HELP ME IN THIS REGARD AS SOON AS POSSBILE .
    Thank u.

    Given that you have not posted your code it is very difficult to know why you are getting these errors.
    Howver, I can take a guess. If I were trying to implement this functionality I would build a database event trigger that fired whenever a DROP command was issued and cause that command to fail. If this is the approach you've taken I think you are out of luck, as I belive DDL triggers were introduced in Oracle 8.
    Mind you, it's been a long time since I worked on Oracle7, so I might be wrong. In which case post your code, don't make me guess again.
    Cheers, APC

  • To prevent user from droping his own object .

    Dear User
    I have a database user like "aaa" in oracle 7.3.4.0.1 database.i do not want user "aaa" to drop his own schema objects like table and any other objects that he is owner.Do i have any system privilege to stop this user from doing so.User should be able to create objects and modify object but not to drop his own objects.For this purpose i have created a database trigger at database level to stop user "aaa" for doing above action.this trigger is giving me error on creation in oracle 7.3.4.0.1 .But when i tried same trigger in oracle 8i and 9i it work well.In oracle 8i and 9i it is preventing user from droping his own objects but i get other errors also along with raised error in trigger which i want to stop .The error which i am raising in trigger is
    ORA-20001 INVALID COMMAND BUT OTHER TWO ERRORS THAT R RAISED AUTOMATICALLY ARE
    ORA-00604 ERROR OCCURED AT RECURSIVE SQL LEVEL 1
    AND
    ORA-06512 AT LINE 8
    I WANT TO STOP THESE TWO ERRORS .
    PLZ HELP ME IN THIS REGARD AS SOON AS POSSBILE .
    plz tell me is there any system privilege to stop user from droping his own object or any other way along with trigger at database level.
    Thank u.

    Hi
    DBAs can use PRODUCT_USER_PROFILE (in system schema) to disable certain SQL and SQL*Plus commands in the SQL*Plus environment on a per-user basis. SQL*Plus, not Oracle, enforces this security. DBAs can even restrict access to the GRANT, REVOKE, and SET ROLE commands in order to control users' ability to change their database privileges.
    The PRODUCT_USER_PROFILE table enables you to list roles which you do not want users to activate with an application. You can also explicitly disable use of various commands, such as SET ROLE. For example, you could create an entry in the PRODUCT_USER_PROFILE table to:
    read more about this at
    http://download-west.oracle.com/docs/cd/B10501_01/server.920/a90842/ch10.htm#1005648

Maybe you are looking for

  • How to call webhelp from C#

    I don't want to seem too simplistic, but I've spent at least 2 hours trying to call webelp files from c#, without any luck at all. All I ever get is three little beeps from my computer, and the IE browser never shows up at all. Here is some backgroun

  • Actual costs posted to work order without maintaining costing variant

    hi, i havent maintained costing variant for work order(maintenance order) type i used to create the work order. so when i posted goods issue, how does the actual costs get posted with out maintaining the costing variant for work order type. what is t

  • Decoding bit values, (e.g. bit# 7 (MSB, 0=LSB) in 0xFF = 1)

    I needed to "decode" or read out the bit-status of any specified bit in any given number (from U8 to U32), and as such I made a "tiny" VI to give that functionality. Since I'm rahter fresh to this whole game, I would like to get some feedback on the

  • Need to include tax amount in item cost on grpo

    Hi all is there any way where I can book my item cost on grpo basis ?? Well I have one issue, I get material and send for production before creating ap invoice but the cost of my tax not include in item after setting of 100% non deductible field, and

  • Cartesian in BPC10

    Hello! I use BPC10 for NW. I have dimension1, dimension2 which depend on the EPM context. I chose members n1, n2, n3 for Dimension1 and members m1, m2, m3 for Dimension2. In report I use this two dimensions in Row axis dimension and have result: n1 m