Re: Denying access to a JSP page directly
Hi, this is not a very standard way of dealing with logins.
I have seen in many applications, the way you want to handle a login
is using a "Session" - not just Request.
Now, coming to your problem, I don't think request.getParameter(..)
will ever throw a NullPointerException unless the "request" itself is
not initialized. So, I guess your Null pointer Exception is not thrown
in the try{ .. } block as you showed in your code. Pleaser re-analyze
your code to see from where you are getting the Null pointer - then
you would be able to trap that situation and handle it.
HTH
On Oct 3, 6:27 am, Sameer <dolph...@gmail.com> wrote:
Dear All,
My login page is index.html.
It accepts username/password there.
Validates it using validate.jsp and redirect it to main.jsp for
further processing.
But i noted that without using index.html, one can go directly to
main.jsp using address bar.
To avoid this i have done this.
I have added this code to validate.jsp
{
%>
<jsp:forward page="main.jsp">
<jsp:param name="security" value="secured" />
</jsp:forward>
<%
response.sendRedirect("main.jsp");}
%>
As the validate.jsp do not submit any form i have to use the forward
tag.
Now i check this at the start of main.jsp.
<%
try {
String is_secure = request.getParameter("security");}
catch (NullPointerException npe)
{
response.sendRedirect("secure.html");}
%>
If the user directly goes to main.jsp then this code will throw the
NullPointerException.
The code throws the exception (as seen on the console) but it do not
redirect it to secure.html.
Why this may be?
Is this the right approach? Any suggestions?
Thanks in advance.