I want to create and maintain a user profile object which will be available for the life of the user's session. This profile will contain information such as name, address, phone, and application preferences. Various pages of the web application will use this information.
My thinking at this point is to create a JavaBean at login, populate this bean with the user's information from the database, and then add this bean to the user's session, or have it be a bean with session scope. Essentially I want to do this between the login page and the first page that the user sees after login.
How would I go about doing this? Do I add the code for this to the first page after login?
Any suggestions will be appreciated. If the above is not the right approach for this sort of thing then feel free to give me a better idea.
How is your app structured? Is the login activity occurring in a JSP page or in a servlet?
I never do any type of processing in a JSP page, so for me, it'd be a simple matter to create the User bean in a servlet after a successful login operation and put it on the session prior to forwarding along to the page.
then add this bean to the user's session, or have it be a bean with session scope.
There isn't any "or" here; both of these statements represent the exact same thing.
Thanks Bear. What I'm unclear on is how I specify which page is seen next after login, and how I can intercept the request after login and before the next page in order to handle it with the servlet which will create the user profile for inclusion in the session.
For example in the web.xml you specify the <form-login-page> (login.jsp in my case) which will have a form with action="j_security_check". Once the authentication is performed then how does the application know which page to redirect to as the next page (i.e. where do we specify this in web.xml)? And what if there needs to be a different first page for different sorts of users (i.e. users with different roles)?
Essentially what I want to do is to have a login.jsp with the login form (I know how to do that part), and then somehow specify that if authentication succeeds then send the request to the servlet which will build out the user profile, and then redirect the request to the initial page which is appropriate for the role of the user (for example if role == "trader" then go to TraderHome.jsp, if role == "broker" then go to BrokerHome.jsp).
Can anyone comment on how I might do the above? Thanks in advance for any suggestions.
It seems that the best way to go about this is to abandon the form based login approach and instead to use a servlet which checks the authentication of the user by looking for the presence of a user profile object in the session. If this exists then the user is forwarded back to the original page, and if not the user is forwarded to a login page which will have another servlet as its form action which will do the authentication, build the user profile, and set the user profile in the session, and then forward to the originally requested page. Does this sound right? Is there any example code available online which does this?
A common mechanism for doing the check is to establish a servlet filter that redirects to the login page when necessary. That way you don't need to put the goo to perform the check on each page or servlet.
I encountered this problem before I knew about filters, and what I did was make a common abstract Servlet superclass for all my servlets with the service() method overridden to check for login status. If the user is logged in, super.service() is called, otherwise the user is redirected to the login page.
With filters you'd have declarative control (through web.xml) over which resources require the user to be logged in.
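A sketch of the filter approach discussed in this thread, added as an example and not code from any of the posters. The class name, the session keys `userProfile` and `loginTarget`, and the paths `/login.jsp` and `/login` are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/*
 * Assumed web.xml mapping (names are hypothetical):
 *   <filter><filter-name>login</filter-name>
 *           <filter-class>LoginFilter</filter-class></filter>
 *   <filter-mapping><filter-name>login</filter-name>
 *           <url-pattern>/*</url-pattern></filter-mapping>
 */
public class LoginFilter implements Filter {
    static final String PROFILE_ATTR = "userProfile"; // set by the login servlet
    static final String TARGET_ATTR = "loginTarget";  // page requested before login

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // The login page and login servlet must stay reachable, or the redirect loops.
        String path = request.getServletPath();
        if (path.equals("/login.jsp") || path.equals("/login")) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false): look for an existing session without creating one.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(PROFILE_ATTR) != null) {
            chain.doFilter(req, res); // profile present: user is logged in
            return;
        }

        // Keep the requested page in the session, not in a URL parameter, so the
        // post-login redirect cannot be pointed at another site by a crafted link.
        if ("GET".equals(request.getMethod())) {
            String target = request.getRequestURI();
            if (request.getQueryString() != null) {
                target += "?" + request.getQueryString();
            }
            request.getSession(true).setAttribute(TARGET_ATTR, target);
        }
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}
```

The login servlet (not shown) would authenticate, store the profile under `userProfile`, and then redirect to the saved `loginTarget` or to a role-specific home page. Calling `request.changeSessionId()` (Servlet 3.1 and later) at that point issues a new session ID while keeping the saved target.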