I am designing a web application in SERVLET and JSP with Tomcat as server and MySQL as back end. I have a login page. I want a user to visit various pages only after he/she is logged in. But what happens in my case is, if I give the page name in URL, I can visit the page even when I am not logged in! How do I achieve it? Please help.
You can add a filter to intercept the servlet and JSP.
Protect the pages you want to require authentication for with a security constraint. You define those in web.xml. The container will then ensure that only authenticated users can access the pages.
I have configured a web server (based on Apache2) and there's a contact form which redirects to domain.com/sent once information is sent by the user. However, this domain.com/sent page can also be accessed if it is manually searched in the URL. Is there any way of blocking external access to this page and throwing a 404 error (already configured as a custom page) if this URL is searched manually instead of reaching it by the contact form?
Thanks in advance.
My name is Alex.
Sorry for my rather bad English, because I come from Germany.
I just started programming with Node.js.
Previously I made some small static HTML and CSS websites.
I have some beginner questions (which might be dumb).
I think these questions are very general for now and have therefore not included any code examples.
So far I have written a static HTML website which I host locally on my computer using Node.js and Express.
My Questions are:
Which actions within a web application should take place on the client side and which on the server side. For example, I have several buttons on the start page. With the help of which predefined users can log in. When clicking on a button, the user should be redirected to the login page. The user name of the respective user should be entered directly into the username field on the login page.
How do I implement such a transition?
The username would probably have to be passed to the server using a post call. How does the user get to the next page? Should this be a simple link or should I send the new HTML document to the user via app.sendFile()?
For example, how do I change tags in an HTML document using Node.js? The same example as before: a user is logged in and redirected to the next page. Now he should be greeted with his name. The name can be read from a database using the UUID.
How do I get this name into a tag?
Do I need a template engine or are there other ways to change a static HTML page?
Thank you in advance for your help.
In my opinion, security-critical parts of the logic should be placed on the server (logging in, checking balance, authorization, etc.).
Traditionally, no code on the client side is required. You click a link/submit a form, which sends a request to a server, the server responds, the client displays the new page.
Using client side code, however, can make your app smoother and reduce the load of the server. For example: the user clicks on the shopping cart button. Instead of reloading the whole page, the user sends an ajax request, and the server responds with the cart data. Then the client updates the document, displaying the formatted cart data.
You can't "change html tags" from nodejs. You can send a response. If you send a html response, you decide how to produce the response. You can just concatenate html strings, but using a template engine is a better solution.
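The difference between concatenating HTML strings and using a template step, as an added example that is not part of the original answer. The user table, the UUID values and the function names are constructed for illustration; a real template engine does the escaping shown in `render` for you.

```javascript
// Constructed stand-in for the database lookup by UUID (values are made up).
const USERS = new Map([
  ["3f2a-0001", "Alex"],
  ["3f2a-0002", '<script>alert("x")</script>'], // a name registered with markup in it
]);

// Naive version: the stored name is pasted into the page as-is.
function greetByConcat(name) {
  return "<h1>Welcome, " + name + "!</h1>";
}

// Escape the characters that have meaning in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The core of a template engine: fill {{ placeholders }} with escaped values.
function render(template, data) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, key) =>
    escapeHtml(data[key] === undefined ? "" : data[key]));
}

// Server-side page builder: the browser only ever receives the finished HTML.
function greetingPage(uuid) {
  if (!USERS.has(uuid)) return { status: 404, body: "<h1>Unknown user</h1>" };
  const name = USERS.get(uuid);
  return { status: 200, body: render("<h1>Welcome, {{ name }}!</h1>", { name }) };
}
```

With the second constructed user, `greetByConcat` sends the stored markup to the browser unchanged, while `greetingPage` sends it as inert text.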
I read this in Wiki:
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is usually a small piece of data sent from a website and stored in a user's web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember the state of the website or activity the user had taken in the past. This can include clicking particular buttons, logging in, or a record of which pages were visited by the user even months or years ago.
Now I want to know who creates cookies. Is it the browser or can every site create a cookie on its own? Who controls what information has to be saved in cookie and how can all the form field data be saved in cookie?
I think "Setting a cookie" section will help you a lot.
http://en.wikipedia.org/wiki/HTTP_cookie
The website creates the cookie, whether front end (JavaScript cookie) or back end (PHP cookie).
The website developer controls what is stored in the cookie.
The website developer gets the information from a form, processes it, then stores it in the cookie.
Cookies are created by the site owner. Cookies are actually client-side sessions.
Now I want to know who creates cookies. Is it the browser or can every site create a cookie on its own? Who controls what information has to be saved in cookie and how can all the form field data be saved in cookie?
Cookies are created on the client machine by the web server. Cookies are initiated using PHP sessions: the browser on the client side stores this cookie as a PHP session ID, which identifies the user. The PHP on the server can then recognize the user by the cookie, which is sent from the client to the server (via the browser).
The creator of the website will control what data is contained in the cookie, for example:
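```php
<?php
// Resume the session identified by the session cookie the browser sent.
session_start();

// Treat a missing or empty 'logged_in' value as "not logged in".
if (empty($_SESSION['logged_in'])) {
    header("Location: login.php");
    exit; // stop here so the rest of the protected page is never sent
}
?>
```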
For example, the above code would check if the user had the value 'logged_in'. If they had not logged in, they were redirected to the login page; otherwise they could continue to view the page.
"Thank you, could you please let me know, can one site access cookies of other site and read information from it and make sense out of it? – Vinayjava 1 hour ago"
Yes, one website is able to grab information from another website. This is known as cross-site request forgery and is most often performed via XSS injection etc. It can be used to steal user cookies.
Any other questions about cookies, message me; I should be able to help.
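The cookie round trip discussed in this thread, as an added example in JavaScript that is not code from any of the answers: the server builds the `Set-Cookie` header, the browser returns it in `Cookie`, and the server looks the session up before serving a page. The cookie name `sid`, the redirect path and the in-memory store are assumptions.

```javascript
// Web Crypto global on current Node; the built-in module on older releases.
const rng = globalThis.crypto ?? require("crypto");

const sessions = new Map(); // session id -> { user }; kept only on the server

// The server creates the cookie: store the session, hand back a Set-Cookie value.
function startSession(user) {
  const sid = rng.randomUUID(); // random identifier, carries no user data itself
  sessions.set(sid, { user });
  // HttpOnly: page scripts cannot read the cookie.
  // Secure: only sent over HTTPS.
  // SameSite=Lax: left off cross-site POSTs and subresource requests.
  return `sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Parse the Cookie request header the browser sends back ("a=1; b=2").
function parseCookies(header) {
  const out = Object.create(null); // no prototype, so odd names cannot collide
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) out[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return out;
}

// Same decision as a session check at the top of a page:
// no valid session means redirect to the login page and send nothing else.
function guard(cookieHeader) {
  const sid = parseCookies(cookieHeader).sid;
  const session = sid ? sessions.get(sid) : undefined;
  if (!session) return { status: 302, location: "/login.php" };
  return { status: 200, user: session.user };
}
```

The cookie holds only a random identifier; what the site knows about the user stays in the server-side store, so a made-up `sid` value gets the redirect.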
I would like to recover the non-public information to a Facebook page for an application "desktop" in C# and I do not know how. Do I have to go through a Facebook application that the user allow or do I get the Facebook user to have a access_token and display the page based on this one? FYI I use graph (and a JSON) that I get, I picked up this version as the "public" group:
https://graph.facebook.com/283774678311430
Do I have to go through a Facebook application that the user allow
Yes, you need an application to let the user give access to view the page or have the page owner give access.
do I get the Facebook user to have a access_token and display the page based on this one?
Same answer: use the page owner as the user, call /me/accounts and grab the page access token.
I have implemented Spring Security's remember-me feature in our app. The way I understand it, if the user opens the main page directly and he is not authenticated by Spring, he is taken to the login page. If he is authenticated, he stays on the main page.
However, in our application, the user is likely to start the login page first (and is likely to have bookmarked our login page).
Is there any way by which the login page is smart enough to understand that the user is authenticated and redirect itself to the main page?
I thought this approach:
Login page looks for spring's cookie, finds it, assumes user is authenticated, redirects to main page.
Problem with this approach:
Suppose the user is no longer valid: Login finds the cookie, redirects to main, Main does not find the user to be valid, returns to login, login finds the cookie, redirects to main... and so on.
Is there any other way for the remember-me to be implemented?
Or is there any way for login to (make an ajax call) and authenticate the user using that cookie?
Solution resolved by the answer given by matt raible in
matt raible's reply