Dear All,

I have a web-application where there are two modes of operation i.e. User and Admin. I have pages index.html, user.jsp, admin.jsp in my jsp folder. The problem is the User can go to the browser and type the admin.jsp in the url and gets the admin page. I want to restrict it.

In Other words, no one shall be allowed to directly type the addresses in the address bar to get the page.

Please guide me to start with.

Thanks in advance

Have a login page. How else will you be able to distinguish them apart. There is a tutorial in this forum

It does nt solve my purpose, because even then user can go the browser and type the url he wants. My requirement is more or less like making the URL of the address bar as read only.

Hope you got my point

user can go the browser and type the url he wants

Then after the user logs in put in the session the username and the user role (ADMIN or USER)

Then at every page get the info from the session and if someone has gone to an ADMIN page when in the session the role saved is USER then use javascript to go back and display message.

Even in the more secure sites, any one can just type the url. But if they are not logged in they are reditrected.

Also at logout remove those values from the session.

After login:

// 'username' variable the one the user entered and 'role' the one // taken from the database. If login successful put those values:
// and redirect to the next page.

At the begining of every page

String username = (String)session.getAttribute("USERNAME");
String role = (String)session.getAttribute("ROLE");

// if the above values are null, means that the user has not login.
// if this page is to be accessed only by an ADMIN the redirect

// After logout