How do I protect my Java web application?
I have a web application where, when users log in, they arrive at the main.jsp JSP page.
On this page, there are a few date text boxes, and data is submitted according to the date and a selection from another drop-down list. This data is retrieved by the servlet and returned to the main.jsp page.
My concern is safety. Now, when I copy the main.jsp JSP page URL and paste it into any browser, the page is displayed as it is. I don't want this to happen. I want users to log in first, so I want my web application to be secure.
I don't know what to do. Can you tell me how to do this?
Also tell me how to do this for any page in a web application. If the user is not logged in, the user cannot access any pages.
Solution
You should have form-based authentication. The following should be added to the web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>pagesWitUnrestrictedAccess</web-resource-name>
    <description>No Description</description>
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <description>No Description</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginerror.jsp</form-error-page>
  </form-login-config>
</login-config>
Some references:
> Securing Web Applications > Securing Java EE 5 Web Applications > Declaring Security Requirements in a Deployment Descriptor