aspose file tools*
The moose likes JSP and the fly likes Checking for a logged in user in all jsp pages Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Checking for a logged in user in all jsp pages" Watch "Checking for a logged in user in all jsp pages" New topic
Author

Checking for a logged in user in all jsp pages

Anthony Smith
Ranch Hand

Joined: Sep 10, 2001
Posts: 285
I got an app that I am trying to build. What is the best way to check on all
my pages if the user is logged in and if he is not kick him to a login page or to a page that says you are not logged in?
In my case, logged in would consist of a user object in a session.
Hans Sponger
Greenhorn

Joined: Apr 08, 2004
Posts: 3
I assume you first make some decision if the user should be logged in or not, such as password verification.
Once you decide the user is logged in, you can add an attribute to the session.
For example, if you have some variable 'user' that references some User object:

Then at the top of each page you need to enforce that the user is logged in:

Note: response.sendRedirct(url) must be called before anything is written to the reponse
[ April 08, 2004: Message edited by: Hans Sponger ]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61424
    
  67

Rather than polluting each page with such processing, look into writing a servlet filter to perform such checks.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

or have a look at the authentication built into application servers. You'll want to look at basic or form-based authentication. This is declaritive rather than programatic, so you don't need to worry about writing the same code into all of your JSPs.
Dave
Gert Cuppens
Ranch Hand

Joined: Jul 13, 2003
Posts: 87
I'm handling this type of problem using one central servlet. As soon as a form is submitted, the servlet checks the name of the form, the button clicked by the user and then it decides which page should be showed. But before this happens, each time I do a check whether I have a session containing a user :
private String controleerSessieEnGebruiker ( HttpServletRequest request)
{
String requestedPage = null ;
HttpSession session = request.getSession(false);
if (session == null) requestedPage = ERROR_PAGE;
else {
Gebruiker gebruiker = (Gebruiker) session.getAttribute("gebruiker");
if (gebruiker == null)
{
requestedPage = ERROR_PAGE;
Uitzondering uitzondering = new Uitzonderin(2,0, "gebruiker onbekend");
session.setAttribute("uitzondering", uitzondering);
} /* gebruiker == null */
} /* session != null */
return requestedPage;
} /* controleerSessieEnGebruiker */
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Checking for a logged in user in all jsp pages