
problem with request forward

 
sureshbabu
Greenhorn
Posts: 8
Hi all,

I've a problem with request forward.


1) I have a servlet which authenticates the user and forwards the request & response to some page that accepts cookies. This works fine for the first time and if I logout and try to login (in the same browser instance), authentication happens in the servlet but the forward doesn't seem to work and throws back to the same login page.

Code snippet:
String strURL="/"+redirectURL;
RequestDispatcher rd = getServletContext().getContext("/").getRequestDispatcher(strURL);
rd.forward(request, response);

2) The same works fine when the response is written

StringBuffer successpage=new StringBuffer();
// script to submit the form when the body loads
successpage.append("<form name=f1 action=\"/Loginhandler\" method=post>");
successpage.append("<INPUT type=hidden name=\"Username\" value=" + userID + ">");
successpage.append("<INPUT type=hidden name=\"Password\" value=" + password + ">");
successpage.append("<INPUT type=hidden value=LoginModule name=module>");
successpage.append("<INPUT type=hidden value=verify name=action>");
successpage.append("<INPUT type=hidden name=RememberLogin value=" + rememberlogin + ">");
successpage.append("</form></BODY></HTML>");
out.println(successpage.toString());

Can anyone tell what could be the problem with scenario 1?


Hope the question is clear

thanks in advance

Suresh
 
David O'Meara
Rancher
Posts: 13459
I'm not sure I have the answer, but I do have a couple of points.

Firstly I'm not sure why you're using getContext("/"). I hope the forward is occurring in the same context, so you shouldn't need it.

You may not need to forward, and in fact using sendRedirect may be better. The user visits the login page, submits credentials to the servlet, the servlet response writes the session cookie and redirects to the next page. The other advantage is that if the user reloads the page, they don't try to login again!

As I said not sure it helps, but I hope it's useful anyway.
Dave
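
The redirect-after-login flow suggested in the reply above, shown as an added example (not code from the thread or its posters): the servlet replaces any pre-login session, then calls sendRedirect to an allow-listed page instead of forwarding. The class name, the page paths, the `redirectURL` request parameter and the abstract `authenticate` hook are assumptions; `Username` and `Password` are the field names from the original post.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: hypothetical login servlet using redirect-after-POST.
public abstract class LoginServlet extends HttpServlet {

    // Assumed landing pages inside this web application (constructed values).
    private static final Set<String> ALLOWED_TARGETS =
            Set.of("/home.jsp", "/account.jsp");
    private static final String DEFAULT_TARGET = "/home.jsp";

    // Assumption: the application supplies its own credential check here.
    protected abstract boolean authenticate(String user, String password);

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String user = request.getParameter("Username");
        String password = request.getParameter("Password");

        if (!authenticate(user, password)) {
            // Failed login: send the browser back to the login page.
            response.sendRedirect(request.getContextPath() + "/login.jsp?error=1");
            return;
        }

        // Drop any session left over from before the login (for example from a
        // previous user in the same browser), so its ID and data are not reused.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("user", user);

        // Redirect only to a known page; the raw parameter never reaches the URL.
        String target = request.getParameter("redirectURL");
        if (target == null || !ALLOWED_TARGETS.contains(target)) {
            target = DEFAULT_TARGET;
        }
        // The browser issues a fresh GET, so a reload does not resubmit credentials.
        response.sendRedirect(
                response.encodeRedirectURL(request.getContextPath() + target));
    }
}
```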
 
sureshbabu
Greenhorn
Posts: 8
Hi Dave,
forgot to mention, the forward happens to a different web application in the same web container. For that reason, we used getContext("/").

Suresh
 
David O'Meara
Rancher
Posts: 13459
If you have two web applications, call them A and B, then you need to log into them both individually. Logging into A does not log them into B, even if it does give them a cookie with a session ID that is shared between the two contexts. The session isn't shared either, again they may have the same session ID, but they can't see each other's data.

My understanding is that you have two contexts (I'm not sure why it's two and not all in one). The user logs into A, and after logging in successfully they are sent the 'forwarded' response from context B. I'm assuming that the security in B requires authentication to access the forwarded response (otherwise it would breach B's security). Since the user is logged into A but not B, this fails and B sends back the login page instead.

This is all still guesswork based on your description.

Now, depending on the container you're using, it may be possible to log the user into B from A using some custom API call, but I've never seen it. If the container supports SSO (single-sign-on) this may help, but what I've seen hasn't been too promising.

Not too much help I'm afraid.
Dave
 
sureshbabu
Greenhorn
Posts: 8
To make it more clear why there is more than one context:

We have three different web apps, say A, B and C. End users can access any of these applications with the same user id and password, by logging in separately.

The requirement is such that authentication for all these users should happen via another web app, let's say D, that will authenticate the user and, if the user exists, then redirects the user to the corresponding page from where the user came in (A or B or C). If the user does not exist, then it will redirect to an error page. The user can again try to log in to the web app from the error page. Upon submitting the page, the authentication happens through the web app D and the same process continues...

Hope my explanation is understandable.

regards
Suresh
 