• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Verification of my login page

 
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I have created a jsp page named Login.jsp, here's the followings code:

is that the structure of my page is correct according to you?
i create a new folder below WebContent in my project, named "authentication" and i placed below home.jsp.
This page will display, if the login and password is correct.
Also, i change some thing in web.xml of project :

When i enter "http://localhost:8080/Gestion_de_stock/authentication/home.jsp" many problem appears :
Firstly, the login page doesn't display with the style that i made in a css file "style.css"
Also, when i enter a correct login and password an error page display and a url i don't know where it comes from "http://localhost:8080/Gestion_de_stock/authentication/image/top_logo.png"
Would you please help me to find out my problem, and thank you in advance :)
 
Saloon Keeper
Posts: 27764
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You have designed and configured a container-managed login.

Container-managed security, as its name implies is handled by the container (web server), not by the web application itself. All the web application does is indicate to the server when authentication is required, what transport channel (BASIC or FORM) will be used to demand credentials, and in the case of FORM-based login, the templates for the login and loginfail forms.

This means:

1. You cannot direct a user directly to the login page via a URL. In other words, "http://www.myserver.com/myapp/login.jsp" will not work properly. It will present the login page, but that page will not be connected to the container's login process, and therefore won't work. To get a login page, the user has to request one of the protected URLs that you defined in the WEB-INF/web.xml file. This will cause the server to check to see if the user is logged in, run the user through the login process, if needed, then present whatever page would normally come from requesting that protected URL.

2. You cannot write special login logic, provide additional login parameters, or expect special post-login or login-fail actions. The login process is handled by a special plugin (Realm) to the server, using a common interface method (authenticate), which accepts 2 parameters (user ID and password) from the container (obtained from the login/loginfail form) and returns a OK/failed status. To repeat, then, no application logic is involved in the container login process.

I think you understood this, based on your examples, but I like to repeat it often, because a lot of people do not.

You do have one problem, however. You have defined a rule that requires authentication on ALL URLs, including the CSS and image URLs on your login/loginfail pages. In other words, to retrieve and display the logo on the login page, you have to already be logged in. In theory, this should have caused some sort of recursion problem, but in reality what I've seen is basically what you reported.

I prefer to keep a public "hello" page myself, so that users can tell what site they've landed on and general news can be displayed. From there I can direct them to the secured part of the site.

And, of course, I exempt the CSS and image URLs from being secured.

 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for your reply,
I just want to know ho can i solve my problem, i read your reply many times and i don't know how can i solve my problem
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When i put my jsp page login.jsp without style, and a simple page home.jsp it's work very well
login.jsp:

authentication.jsp:

and the web.xml remains the same, i'm stuck :'(
 
Tim Holloway
Saloon Keeper
Posts: 27764
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


You do have one problem, however. You have defined a rule that requires authentication on ALL URLs, including the CSS and image URLs on your login/loginfail pages. In other words, to retrieve and display the logo and CSS on the login page, you have to already be logged in. Except that you're not logged in or you wouldn't be seeing the login page. In theory, this should have caused some sort of recursion problem, but in reality what I've seen is basically what you reported.

 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I want to thank you for your reply,
I would like to know what needs to be changed to make it work,please
and thank you in advance :)
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I understood what you said, but i don't know how can i applied it :(
 
Tim Holloway
Saloon Keeper
Posts: 27764
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
https://coderanch.com/t/630155/Servlets/java/url-pattern-url-pattern-web

Same basic problem. Trying to match too many URLs in one pattern.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for your reply :)
the authetication work now, i just replace \* by \home.jsp in web.xml.
But, why the login page displaied without style defined in style.css??

 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Use a server-relative path to include the CSS file: https://coderanch.com/how-to/java/TypesOfPaths
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you very much,
It work now, i just replace href="/inc/style.css" by href="<%=request.getContextPath()%>/inc/style.css"
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sigh. You should be using the EL rather than scriptlet expressions.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Where should i use the EL expression? I didn't use code java here !
I have another problem, when i want to logout,

The authentication page displayed and not the login page.
Andi if i change the href to "Login.jsp", when i want to login another time an error appears.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Where should i use the EL expression? I didn't use code java here !


You do here: <%=request.getContextPath()%>. You can use a functionally equivalent EL expression instead of scriptlets.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do you mean this expression ?
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What about the other question ?
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is the other question? And, you should not be using the deprecated font tag.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have another problem, when i want to logout,

The authentication page displayed and not the login page.
Andi if i change the href to "Login.jsp", when i want to login another time an error appears.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic