Preventing direct access to a redirected page

Hello everybody,
I have the following scenario:
1)I have a jsp A.
2)Jsp A submits to a servlet B.
3)Servlet B checks the request parameters with the database and decides whether to forward to jsp C
4)If required conditions are not satisfied in 3, the user is redirected to an html error page.

Now the problem is i don't want the user accessing the jsp C directly with its url but access it only via the servlet.
If the user tries to access the page C directly, then he/she should be redirected to a page which shows the access is invalid.
How can i implement this?.
Any ideas would be much welcome.

It is customary to place JSPs under a folder within WEB-INF. There, they cannot be served directly and can only be accessed via a forward from another resource (such as a servlet).

Bear Bibeault wrote:It is customary to place JSPs under a folder within WEB-INF. There, they cannot be served directly and can only be accessed via a forward from another resource (such as a servlet).

Thanks a lot sheriff!. I didn't think the solution would be that simple.

another way, if you have trouble using JSPs under WEB-INF:

set a parameter in the request object. Request objects are shared accross forwards. Check this parameter on the destination, all the page to be displayed if set, else give error.

Himanshu Kansal wrote:another way, if you have troube using JSPs under WEB-INF:

What trouble could there be?

There's no need to put all that goop on the controllers and pages -- the WEB-INF folder (and below) cannot be served by direct URL.

At times the codebase is not available and the container tries to look for the files under folders under context-root

Also, there could be a problem in accessing a jsp from another from under WEB-INF (eg: a post under Struts forum)
Business might not want to display the complete path of the JSP

Himanshu Kansal wrote:At times the codebase is not available and the container tries to look for the files under folders under context-root

I am not understanding what you are trying to say.

Also, there could be a problem in accessing a jsp from another from under WEB-INF (eg: a post under Struts forum)

How so? If a JSP needs to be directly accessible, it should not be under WEB-INF. If it needs to be hidden, it should be under WEB-INF. Simple. There's no need for extra goop on the pages to make things complicated and create coupling problems.

Business might not want to display the complete path of the JSP

Again, your point is not clear.

Himanshu Kansal wrote:Also, there could be a problem in accessing a jsp from another from under WEB-INF (eg: a post under Struts forum)

I've done this - it works. Maybe they should address that problem before moving on to kludgy workarounds?

Himanshu Kansal wrote:Business might not want to display the complete path of the JSP

And they shouldn't. That's why you use a forward to the JSP in the first place.

I agree with all that (not that it matters ). All I tried to give was another efficient way of doing something if the first one didnt work. Options are always more the better.

My point is that the first way always works. A second solution (which is far from efficient -- it's very messy, in fact, adding unnecessary goo on the pages and enforcing strong coupling) is unecessary and confusing.

By the way, welcome to the Ranch!

Himanshu Kansal wrote:I agree with all that (not that it matters ). All I tried to give was another efficient way of doing something if the first one didnt work. Options are always more the better.

True. Although it also helps to be very clear which way is recommended so someone doesn't go with a hack before investigating the standard way properly.