I m making a website in which I hav an admin and members ..
I want to define rights of users who can access a certain page..
For this purpose I m using an array of String along with a Session object.
I m storing URLs of pages which a simple user can access and storing them in session object..
Here is the code which i have written in sign In page..

HttpSession session = request.getSession();
           String authority[] = null;
           authority[0] = "signIn.html";
           authority[1] = "signUp.html";
           athority[2] = "Post.html";

                            
            session.setAttribute("Url", authority);
            
            session.setAttribute("userName", request.getParameter("userName"));
            String user1 = (String) session.getAttribute("userName");

            ServletContext sc = getServletContext();
            RequestDispatcher rd = sc.getRequestDispatcher("/sign_In.jsp");

            rd.forward(request,response);

                           
            if (user1 == null)
            {
                    response.sendRedirect("signIn.html");
                    return;
             }

The code which I m writing to check the rights of a user

HttpSession session = request.getSession(false);
        String user = (String) session.getAttribute("userName");
        if (user == null)
        {
                response.sendRedirect("signIn.html");
                return;
        }
        if(session == null)
        {
                response.sendRedirect("signIn.html");
        }
        else
        {
                 String[] athority = (String[]) session.getAttribute("authority");
                 for(int i = 0;i<athority.length;i++)
                 {
                        if(athority[i].equals("CreateNewPostJava.jsp"))
                        {
                               response.sendRedirect("CreateNewPostJava.jsp");
                        }
                 }
                 response.sendRedirect("mainPage.jsp");
          }


           response.sendRedirect("CreateNewPostC.html");

But when i execute this code, No session is created...
Please help me in correcting this.


Thanx..

Have you tried to check the error messages you get?

The first piece of code will result to a NullPointerException since you don't initialize the array. If you didn't accidentally forgot to do that, then forget what you are doing and try to learn basic java first.

At the second piece of code, you are using the session instance: session.getAttribute and the you check if it is null. If there is any chance that session would be null then this would give you an exception first: session.getAttribute

Not to mention that you never put this into the array:

if(athority[i].equals("CreateNewPostJava.jsp"))

You do this:

authority[0] = "signIn.html";
           authority[1] = "signUp.html";
           athority[2] = "Post.html";

How do you expect it to be equal.

You also put the array into the session with key: "Url" But at the second code you use a different key.


So in conclusion, stop what you are doing, learn some basic java first (how to creare arrays for example) and then buy a book and study about jsp and servlet. Because from that code, I doubt it that you spend some serious time in learning the basics about web design

I have done that matching because i want to check that whether control is going in IF condition or not..
I m doing this thing first time thats y got a bit confused. But it does not mean that i hav no concept of programming at all...
I know it is my mistake but i m here to learn...

thanx for the help, I 'll try it...

What book are you using. From where you get your resources?

Also you don't need to put all the "authorities" in the session. You know those. Just pass the authority of the specific user:

String authOfUserLoggedIn = (String)session.getAttribute("authority");

if ("some_authority1".equals(authOfUserLoggedIn )) {
// user is authority1 // go to right page
} else if ("some_authority2".equals(authOfUserLoggedIn )) {
// user is authority2 // go to right page
} else if ("some_authority3".equals(authOfUserLoggedIn )) {
// user is authority3 // go to right page
} else {

}

When the user logs in just pass his "authoriy". (Taken from the database for example). You already know the other roles. You defined them. You don't need to pass them in the session.
What changes, every time the code executes, is the user that logs in.

I don't get ur point..
Can u Plz elaborate..
I m not using any specific book, just taking help from internet websites and online tutorials...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.