This week's giveaways are in the MongoDB and Jobs Discussion forums.
We're giving away four copies of Mongo DB Applied Patterns and 4 resume reviews from Five Year Itch and have the authors/reps on-line!
See this thread and this one for details.
The moose likes JSP and the fly likes Checking for a logged in user in all jsp pages Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Mongo DB Applied Patterns this week in the MongoDB forum
or a resume review from Five Year Itch in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » JSP
Reply Bookmark "Checking for a logged in user in all jsp pages" Watch "Checking for a logged in user in all jsp pages" New topic
Author

Checking for a logged in user in all jsp pages

Anthony Smith
Ranch Hand

Joined: Sep 10, 2001
Posts: 285
posted
0
Quote
I got an app that I am trying to build. What is the best way to check on all
my pages if the user is logged in and if he is not kick him to a login page or to a page that says you are not logged in?
In my case, logged in would consist of a user object in a session.
Hans Sponger
Greenhorn

Joined: Apr 08, 2004
Posts: 3
posted private message
0
Quote
I assume you first make some decision if the user should be logged in or not, such as password verification.
Once you decide the user is logged in, you can add an attribute to the session.
For example, if you have some variable 'user' that references some User object:

Then at the top of each page you need to enforce that the user is logged in:

Note: response.sendRedirct(url) must be called before anything is written to the reponse
[ April 08, 2004: Message edited by: Hans Sponger ]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 56150
    
  13

I like...
IntelliJ IDE jQuery Mac OSX
posted private message
0
Quote
Rather than polluting each page with such processing, look into writing a servlet filter to perform such checks.

[Smart Questions] [JSP FAQ] [Books by Bear] [Bear's FrontMan] [About Bear]
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I like...
Android Eclipse IDE Ubuntu
posted
0
Quote
or have a look at the authentication built into application servers. You'll want to look at basic or form-based authentication. This is declaritive rather than programatic, so you don't need to worry about writing the same code into all of your JSPs.
Dave
Gert Cuppens
Ranch Hand

Joined: Jul 13, 2003
Posts: 87
posted private message
0
Quote
I'm handling this type of problem using one central servlet. As soon as a form is submitted, the servlet checks the name of the form, the button clicked by the user and then it decides which page should be showed. But before this happens, each time I do a check whether I have a session containing a user :
private String controleerSessieEnGebruiker ( HttpServletRequest request)
{
String requestedPage = null ;
HttpSession session = request.getSession(false);
if (session == null) requestedPage = ERROR_PAGE;
else {
Gebruiker gebruiker = (Gebruiker) session.getAttribute("gebruiker");
if (gebruiker == null)
{
requestedPage = ERROR_PAGE;
Uitzondering uitzondering = new Uitzonderin(2,0, "gebruiker onbekend");
session.setAttribute("uitzondering", uitzondering);
} /* gebruiker == null */
} /* session != null */
return requestedPage;
} /* controleerSessieEnGebruiker */
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: Checking for a logged in user in all jsp pages
 
Similar Threads
security in JSP
Where should the logic be?
Extending a class in JSP
JSP way to access logged in Spring user
How to control static pages and dynamic pages