Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes JSP and the fly likes if a user enter a website without entering the authentication page how can i redirect Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "if a user enter a website without entering the authentication page how can i redirect" Watch "if a user enter a website without entering the authentication page how can i redirect" New topic
Author

if a user enter a website without entering the authentication page how can i redirect

senthil sen
Ranch Hand

Joined: Oct 10, 2002
Posts: 184
if a user enters a website without entering the authentication page how can i redirect him to the authentication page?
Say for example
mail.yahoo.com is the authentication page..
If the user enters mail.yahoo.com/s1.html..
Then i have to redirect him to the mail.yahoo.com page and make him enter his password and his mail iddy..
How can i do this in jsp???
I Need the code for this....
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Have you looked into form based authentication at all?
A sample thread can be found here
Essentially it allows you to configure a set of resources (ie pages) as 'secured', then anyone who attempts to access these resources if forced to login first. There is no 'sample code', it is done via configuration settings.
If you secure the login page via https then the password is protected from casual observation.
I'm concerned that you are still asking the same questions about authentication and password management that you posted a while ago. Did you want to give a brief description of what you are trying to achieve and the resources you are using (app server, database, authentication server etc) and we can help you get things sorted.
Dave
senthil sen
Ranch Hand

Joined: Oct 10, 2002
Posts: 184
thanks for ur reply david,yes i have posted this topic before but i did bot get a reply to this topic,Actually i was asked to do this programm in an interview,i could not do it,so try to tell me in detail how to do this coding,
The guy in the interview asked me how could i do this in jsp...i started to blink,so try to solve my problem..
Neha Ashok
Greenhorn

Joined: Dec 12, 2002
Posts: 26
An Easy Solution.
Check whether http-referrer is pointing to your login.jsp or not and you could very well redirect to login.page using sendRedirect().
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I'm not sure I understand. Are you saying that if they came from the login page they are accepted? I see three immediate problems.
Firstly it is easy to fake http referrers, so this isn't secure.
Secondly, the user has to visit the login page every time they want to access a secured resource.
Finally, if the login page is submitting to the secured pages, each of these secured pages would have to duplicate the authentication code, and they would all have to individually manage access to themselves.
The main advantage to authentication frameworks is that they remove authentication from individual pages. If you change authentication details, you don't have to change code in each file. You also don't have to worry about trying to synchronise the code in the pages.
Originally I wasn't a fan of letting go of the responsibility of authentication to the server, but if you consider that you only have to get it wrong once on one page to look stupid, it is a much preffered solution.
Dave
Juanjo Bazan
Ranch Hand

Joined: Feb 04, 2002
Posts: 231
You can use a Filter class and check if (for instance) the user parameter is set properly in the user's session. If it isn't, just forward the request to the login page.
Sample code:

HTH
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: if a user enter a website without entering the authentication page how can i redirect