This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Java Interview Guide and have Anthony DePalma on-line!
See this thread for details.
The moose likes JSP and the fly likes Checking for a logged in user in all jsp pages Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Checking for a logged in user in all jsp pages" Watch "Checking for a logged in user in all jsp pages" New topic

Checking for a logged in user in all jsp pages

Anthony Smith
Ranch Hand

Joined: Sep 10, 2001
Posts: 285
I got an app that I am trying to build. What is the best way to check on all
my pages if the user is logged in and if he is not kick him to a login page or to a page that says you are not logged in?
In my case, logged in would consist of a user object in a session.
Hans Sponger

Joined: Apr 08, 2004
Posts: 3
I assume you first make some decision if the user should be logged in or not, such as password verification.
Once you decide the user is logged in, you can add an attribute to the session.
For example, if you have some variable 'user' that references some User object:

Then at the top of each page you need to enforce that the user is logged in:

Note: response.sendRedirct(url) must be called before anything is written to the reponse
[ April 08, 2004: Message edited by: Hans Sponger ]
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63873

Rather than polluting each page with such processing, look into writing a servlet filter to perform such checks.

[Asking smart questions] [About Bear] [Books by Bear]
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

or have a look at the authentication built into application servers. You'll want to look at basic or form-based authentication. This is declaritive rather than programatic, so you don't need to worry about writing the same code into all of your JSPs.
Gert Cuppens
Ranch Hand

Joined: Jul 13, 2003
Posts: 87
I'm handling this type of problem using one central servlet. As soon as a form is submitted, the servlet checks the name of the form, the button clicked by the user and then it decides which page should be showed. But before this happens, each time I do a check whether I have a session containing a user :
private String controleerSessieEnGebruiker ( HttpServletRequest request)
String requestedPage = null ;
HttpSession session = request.getSession(false);
if (session == null) requestedPage = ERROR_PAGE;
else {
Gebruiker gebruiker = (Gebruiker) session.getAttribute("gebruiker");
if (gebruiker == null)
requestedPage = ERROR_PAGE;
Uitzondering uitzondering = new Uitzonderin(2,0, "gebruiker onbekend");
session.setAttribute("uitzondering", uitzondering);
} /* gebruiker == null */
} /* session != null */
return requestedPage;
} /* controleerSessieEnGebruiker */
I agree. Here's the link:
subject: Checking for a logged in user in all jsp pages
It's not a secret anymore!