hi guys.. simple example: a user wants to post a product (post.jsp), he/she clicks on the post link. The application checks the session and notices that the user has not logged in. The servlet redirects to login.jsp. After the user types user name/password and clicks the submit button, I want my application to redirect the user automatically to post.jsp. How do I do that? thanks..
I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
Have a look at Basic or Form-based authentication first (form-based by preference), since this supposed to be built into J2EE complient application servers and does exactly this. There isn't a problem explitly handling security in small sites, but it becomes a chore in larger sites. Rather than having to write security info into every page, this allows you to manage security via configuration. The downside is having to 'give up' responsibility, which is always a problem for programmers, but it's a better way to go in the long run.
Joined: Nov 27, 2001
thanks david.. I was expecting something really different, like "use this to keep the url stored somewhere... blah bla ". It is for example when you post a message in javaranch you get some sort of advise saying: "sit tight, we are taking you back to..." and it redirects you where you were located.. like that.. I'll do some research on what you advised and will let ya know.. thanks
Joined: Nov 27, 2001
Ok David... let me get your idea. 1o.) the user tries to access a member's page. 2o.) the application that I'm entirely building checks that the user has not logged in. It redirects (or forward??) it automatically to login.jsp. 3o.) when the user types username/password and click submit, the application redirects the user to the page he/she wanted to access before. am I complicating myself? should I redirect the user to the main page?
After you have authenticated the user, you will be more likely to want to redirect to the original page rather than forwaard or include it. The first (lesser) reason is that it changes the URL seen in the location bar to the correct page instead of the login page.
to be honest I've never used redirect, I always use forward. What i've read is that redirect creates a new request, right? if I use redirect, do I loose my session? ... this might sound like dumb questions but I need clarification. thanks
You are correct, but I'll just step through in slightly more detail...
user requests a secured page - member.jsp
member.jsp tests and sees that the user has not been authenticated.
member.jsp first writes its details to the session and then does a forward, include or redirect to login.jsp (more on this later)
user actually gets sent the login page.
user puts in security credentials and submits the login page to a login processing servlet - eg LoginServlet
if the user is authenticated, LoginServlet does a redirect to the page that was originally requested.
In the third step, there isn't a huge difference that I can tell, but I still prefer to use the redirect since then it will display the login jsp name in the location bar - it is lesslikely that users will get confused as to what is happening (this is not the page you are looking for) As to the use of response.sendRedirect, yes it does create a new request and response, but the application server will protect you from losing the session. Dave
Joined: Apr 03, 2002
David - Right on about the redirect vs. forward. From here on out, if I say "forward", that's just code for "redirect".
I thought that might be the case Thats why I usually try to say 'include', 'forward' or 'sendRedirect' so that it matches what is happening. (pretty sure I messed up somewhere above anyway) Sometimes I confuse myself when I start including 'redirect' and multiple (english as opposed to JSP) definitions of 'include', 'forward' etc.
hi i'm too late to read this message but i did exactly the same. i used getPathInfo() method of the the Request. this is how it works, requested page http://.../jsp/displayProducts.jsp where i found the user is not logged on. so i redirect to the below servlet using, http://..../servlet/myservlet/jsp/displayProducts.jsp now when the webserver looks servlet in the request it passes request to my servlet and i can get /jsp/displayProducts.jsp using getPathInfo() and i used to store it in the session as far as i needed it and then was removing it. regards maulin