Hello everyone, I'm just a newbie in Java/JSP.
I need suggestions on how to proceed with the following:
1. I want to create a web app (JSP/servlet) with login and access authorization.
The situation is that I have a home page with login info inputs. I direct the inputs to a JSP on the server to check validation; once that is done, it will show a new page to access.
Do you all think that the JSP page which is doing the validation can be accessed by directly typing its URL? If yes, how can I prevent it? (I mean I don't want to let users access or know about this page, as the home page HTML can show the action/post text, so it can reveal that page name for direct access.)

2. As here (DaniWeb), we have 2 types of access: as guest or as user. As guest we can't do things like create or modify. How can one implement this? Just a how-to will be good.

3. Back in the database, do you think I have to create 2 users, one which can have the table with the user and password list for validation, and then a 2nd for keeping organisation data? Or is just 1 good? (If not, which way should I proceed?)
If the user is found correct, it will allow the next page to be accessed with his/her credentials. (How do I implement different credentials? Do I need to write a different page altogether for that?)

4. The page which needs to be accessed only by authorized users: how can I protect that page so that no one can access it without login?

Thanks for the reply, but I don't want a whole book in response. What I'm expecting is a simple suggestion of what a developer would follow. Not even code. Thanks.

Reread the first line of my post, then do that, and you can use the section of the tutorial included in my first post that handles those.

Thanks again. I appreciate your response and it is good as well, but I'm not as experienced as you, and I did not miss "google session". I know session is sitting in all the answers, and that tutorial will have all the technicality I need. I'm reading that, but I wished someone would just tell me what they follow/do if they have similar problems or situations. Just some fair steps, and point-wise answers too, as this does not solve how to protect against direct URL access, whether a one-user or two-user approach is good in the DB for validation and data keeping (tables), whether anyone can access my JSP which is doing validation, etc. And yes, any other thing in this regard that I missed mentioning and that I can face.
As all these things are not always mentioned in books, it comes through experience, and experience says.... That's what I wanted to know: the experience you have with this sort of situation.

Use a filter to check the session. If the user is not logged in, and he wishes to go to a protected site, save that URL in a newly created session object and redirect the user to a login page. After a successful login, retrieve that URL from the session and redirect the user back to the site he wanted.

Short of that, if it is a protected page, and you don't want to use a filter, then check the session validity first, and if the user is not logged in, simply return an error. I don't see what the problem is.

It is up to you how you separate the "levels" of access. Roles are usually a good way. Have each user have a specific role(s) and have the session checker check the user's role(s) against the role(s) that are needed to get access to that page.
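
The filter approach described in the reply above, written out as an added example that is not part of the original thread. The session attribute names (`user`, `roles`, `returnTo`), the paths (`/login.jsp`, `/login`, `/public/`, `/admin/`) and the role names are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example: every attribute name, path and role name here is an assumption.
@WebFilter("/*")
public class AuthFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp"; // assumed public login form
    private static final String LOGIN_ACTION = "/login";   // assumed servlet that validates credentials

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Container-decoded path, so encoded variants of a URL get the same decision.
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);

        // Only the login form, the login action and public resources skip the check.
        if (path.equals(LOGIN_PAGE) || path.equals(LOGIN_ACTION) || path.startsWith("/public/")) {
            chain.doFilter(rq, rs);
            return;
        }
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            // Not logged in: remember the target (GET only), then send to the login page.
            if ("GET".equals(req.getMethod())) {
                String qs = req.getQueryString();
                req.getSession(true).setAttribute("returnTo", path + (qs == null ? "" : "?" + qs));
            }
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }
        // Logged in: compare the user's roles with the role this path requires.
        Object stored = session.getAttribute("roles");
        Set<?> roles = stored instanceof Set ? (Set<?>) stored : Collections.emptySet();
        String required = path.startsWith("/admin/") ? "admin" : "user";
        if (!roles.contains(required)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN); // typing the URL directly ends here
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```

Because `returnTo` is written only by the filter and kept in the session, the login servlet can redirect to it after a successful login without trusting a URL supplied by the browser. On Servlet 3.1 or later, that servlet should also call `request.changeSessionId()` before storing `user` and `roles`, so a session ID issued before login is not reused afterwards.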