tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Yee-King <>
Subject Re: hiding URLs
Date Mon, 09 Oct 2000 13:44:36 GMT

this is ok but won't stop a determined person from misbehaving - they
could just mouseover the links to see where they go or call properties
on a page. better to use a session scope bean that has its status
changed constantly with page changes to reflect the pages that should be
available to the user. if the bean does not have the correct status to
access a page, use <jsp:forward page="youaremuckingabout_error.jsp"/> to
bouce the user to an error page.


<% if(!userBean.getLoggedIn()){ // they didn't log in 
<jsp:forward page="youaremuckingabout_error.jsp"/>


hope that helps...


Paul Russell wrote:
> On Mon, Oct 09, 2000 at 01:00:36PM +0200, Zsolt Koppany wrote:
> > how is it possible to hide the URL in Netscape's location? My
> > application calls (after login) several other jsp applications and I
> > want to prevent that somebody just makes a bookmark to a location that
> > can be called only after the user has logged in?
> Use a framed bounce (urgh). Have a wrapper frameset which appears
> at the top level URL for the application and then have only one
> frame in it which points to the real URL for the application.
> Yucky, but functional (unless you have a no-frames browser).
> Paul
> --
> Paul Russell                               <>
> Technical Director,         
> Luminas Ltd.

View raw message