I have a java-struts web application where i have to implement a mechanism of finding whether the request which comes from client is valid?
How to validate each request in java web application?
suppose a request comes to access a particular page than i have to check whether the request is from the client who is logged in with the system.
Please help to achieve this.
Regards
You can write a servlet filter. You can read more about the same here
Filters can perform many different types of functions.
Sessions in struts2 application
This link has your answer...Use session and launch it at application level so that it is available all the time across the application. Simply check for corresponding fields that you will receive with the request.
Validating requests should be handled in the - web-application-server - struts itself - in the model
For security/authorization I would use the provided features of your webserver/web-application-server. For example: Realms when you use a tomcat. These mechanisms can provide user and more authentication/autorication-information, are well-tested and protect your application without asking to much.
For checking the request filters of your web-application-server are a good choice.
A good choice to handle "struts-request" and change the handling are stuts-interceptors. http://struts.apache.org/2.0.6/docs/interceptors.html
Validating the request sometimes means validating the model itself after setting the new values. There is the JSR303-Standard (http://jcp.org/en/jsr/detail?id=303) but the handling (especially of attacks) is up to you. That can be quite tricky.
So handle and find potential problems as soon as possible!
