File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes how do I know what the user has clicked? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "how do I know what the user has clicked?" Watch "how do I know what the user has clicked?" New topic
Author

how do I know what the user has clicked?

Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
hi guys.. simple example:
a user wants to post a product (post.jsp), he/she clicks on the post link. The application checks the session and notices that the user has not logged in. The servlet redirects to login.jsp. After the user types user name/password and clicks the submit button, I want my application to redirect the user automatically to post.jsp. How do I do that?
thanks..


I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Have a look at Basic or Form-based authentication first (form-based by preference), since this supposed to be built into J2EE complient application servers and does exactly this.
There isn't a problem explitly handling security in small sites, but it becomes a chore in larger sites. Rather than having to write security info into every page, this allows you to manage security via configuration.
The downside is having to 'give up' responsibility, which is always a problem for programmers, but it's a better way to go in the long run.
Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
thanks david.. I was expecting something really different, like "use this to keep the url stored somewhere... blah bla ". It is for example when you post a message in javaranch you get some sort of advise saying:
"sit tight, we are taking you back to..." and it redirects you where you were located.. like that..
I'll do some research on what you advised and will let ya know..
thanks
Anthony Villanueva
Ranch Hand

Joined: Mar 22, 2002
Posts: 1055
I think you are talking about the refresh header.
Rishi Tyagi
Ranch Hand

Joined: Feb 14, 2002
Posts: 100
You should use the meta tag in the header part of the html
and write some message in body
I think this is a simple method to achieve that
Rishi
Chris Reeves
Ranch Hand

Joined: Apr 03, 2002
Posts: 95
When the user is redirected to the login.jsp page, you'll want to save the post.jsp page in the session as the "target" or some such. Once the user is validated, forward them to the target page.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

The session is one place to keep the redirect URL and a cookie is another. I prefer to use the session, but I believe WebSphere uses cookies.
After you have authenticated the user, you will be more likely to want to redirect to the original page rather than forwaard or include it.
The first (lesser) reason is that it changes the URL seen in the location bar to the correct page instead of the login page.
The more important reason is that if you forward or include the next page, they share the same request and response and therefore the authentication credentials are still available.
This is unlikely to be a problem if you are writing the entire thing yourself, but when you have multiple developers you'd have to trust them implicitly (i sound like a security guy).
Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
Ok David... let me get your idea.
1o.) the user tries to access a member's page.
2o.) the application that I'm entirely building checks that the user has not logged in. It redirects (or forward??) it automatically to login.jsp.
3o.) when the user types username/password and click submit, the application redirects the user to the page he/she wanted to access before.
am I complicating myself? should I redirect the user to the main page?

After you have authenticated the user, you will be more likely to want to redirect to the original page rather than forwaard or include it.
The first (lesser) reason is that it changes the URL seen in the location bar to the correct page instead of the login page.

to be honest I've never used redirect, I always use forward. What i've read is that redirect creates a new request, right? if I use redirect, do I loose my session? ...
this might sound like dumb questions but I need clarification.
thanks
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

You are correct, but I'll just step through in slightly more detail...
  • user requests a secured page - member.jsp
  • member.jsp tests and sees that the user has not been authenticated.
  • member.jsp first writes its details to the session and then does a forward, include or redirect to login.jsp (more on this later)
  • user actually gets sent the login page.
  • user puts in security credentials and submits the login page to a login processing servlet - eg LoginServlet
  • if the user is authenticated, LoginServlet does a redirect to the page that was originally requested.


  • In the third step, there isn't a huge difference that I can tell, but I still prefer to use the redirect since then it will display the login jsp name in the location bar - it is lesslikely that users will get confused as to what is happening (this is not the page you are looking for)
    As to the use of response.sendRedirect, yes it does create a new request and response, but the application server will protect you from losing the session.
    Dave
    Chris Reeves
    Ranch Hand

    Joined: Apr 03, 2002
    Posts: 95
    David -
    Right on about the redirect vs. forward.
    From here on out, if I say "forward", that's just code for "redirect".
    David O'Meara
    Rancher

    Joined: Mar 06, 2001
    Posts: 13459

    I thought that might be the case
    Thats why I usually try to say 'include', 'forward' or 'sendRedirect' so that it matches what is happening. (pretty sure I messed up somewhere above anyway)
    Sometimes I confuse myself when I start including 'redirect' and multiple (english as opposed to JSP) definitions of 'include', 'forward' etc.
    Maulin Vasavada
    Ranch Hand

    Joined: Nov 04, 2001
    Posts: 1871
    hi
    i'm too late to read this message but i did exactly the same.
    i used getPathInfo() method of the the Request.
    this is how it works,
    requested page
    http://.../jsp/displayProducts.jsp
    where i found the user is not logged on. so i redirect to the below servlet using,
    http://..../servlet/myservlet/jsp/displayProducts.jsp
    now when the webserver looks servlet in the request it passes request to my servlet and i can get /jsp/displayProducts.jsp using getPathInfo() and i used to store it in the session as far as i needed it and then was removing it.
    regards
    maulin
    Andres Gonzalez
    Ranch Hand

    Joined: Nov 27, 2001
    Posts: 1561
    getPathInfo() . this is the one I need..
    thx
     
    Don't get me started about those stupid light bulbs.
     
    subject: how do I know what the user has clicked?
     
    Similar Threads
    how to pass the value from the servlet to the google maps webservices
    Calling another web application
    controlling browsers back button
    How do I get a JButton to invoke a web browser?
    Passing HTTP Header!