File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes j_security_check Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "j_security_check" Watch "j_security_check" New topic


Brian Stelzer

Joined: Oct 31, 2002
Posts: 29
I want to programmatically do the above in java, how would I do it:
I enter a webpage in my browser, lets say http://localhost/contextRoot/secureResource
AppServer sees that I'm not authenticated, so it saves off my session, and
redirects me to the login.jsp( FORM based authenication ). Then I type in
username/password and I get the original page. I understand all this, but how does it work programmatically.
This is what I have in my code thus far. I get a URL for the original page, I get the cookie( session information ). It returns back the login.jsp page.
(Stumped at this point.)
What I am trying to do at this point is create a URL
http://localhost/contextRoot/j_security_root, and setting the requestAtrribute( "cookie", "cookie from before" );
But its not returning the right page???
Some ideas or example code as to how to do it would be great.
Jon Wilson

Joined: Oct 15, 2003
Posts: 14
If I understand you correctly, here is what you want to do:
1) You encounter a page that requires user authentication, so your code checks the session to see if the user has authenticated...
Boolean loggedIn = (Boolean)session.getAttribute("loggedIn");
The user has not logged in, so your page stores its URL in the session...
session.setAttribute("page", "my_page.jsp");
...and forwards the request to the login page.
requestDispatcher.forward(req, res);
2) Now the login page receives a request so it displays a login form. The end user submits his login info; it is posted to the LoginServlet.
3) LoginServlet receives the login info and matches it against a database of username and passwords. The user has now authenticated successfully, so the LoginServlet wants to return him to the page he originally requested (my_page.jsp). So, LoginServlet accesses the session...
String redirect = (String)session.getAttribute("page");
...and redirects the end user to that page.
rd = getServletContext().getRequestDispatcher(redirect);
4) Now the user is back at the page he started on and this time he is allowed to view the page because he has successfully logged in
Hope that helps!

Mensa member, Certified bartender, Created the Internet (along with Al Gore), Speak 9 languages fluently (this includes pig latin), Spelling Bee Winner, 8th Grade Math Award, Can hold breath under water for more than 2 minutes
I agree. Here's the link:
subject: j_security_check
It's not a secret anymore!