This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes Servlets and the fly likes problem with request forward Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "problem with request forward" Watch "problem with request forward" New topic
Author

problem with request forward

sureshbabu
Greenhorn

Joined: Dec 09, 2004
Posts: 8
Hi all,

I've a problem with request forward.


1) I have a servlet which authenticates the user and forwards the request & response to some page that accepts cookies. This works fine for the fist time and if I logout and try to login (in the same browser instance), authentication happens in the servlet but the forward doest seem to work and throws back to the same login page.

Code snippet:
String strURL="/"+redirectURL;
RequestDispatcher rd = getServletContext().getContext("/").getRequestDispatcher(strURL);
rd.forward(request, response);

2) The same works fine when the response is written

StringBuffer successpage=new StringBuffer();
// script to submit the form when the body loads
successpage.append("& ltform name=f1 action="/Loginhandler+" method=post& gt");
successpage.append("& ltINPUT type=hidden name=\"Username\" value="+userID+"& gt");
successpage.append("& ltINPUT type=hidden name=\"Password\" value="+password+"& gt");
successpage.append("& ltINPUT type=hidden value=LoginModule name=module& gt");
successpage.append("& ltINPUT type=hidden value=verify name=action& gt");
successpage.append("& ltINPUT type=hidden name=RememberLogin value=" + rememberlogin + "& gt");
successpage.append("& lt/form& gt& lt/BODY& gt& lt/HTML& gt");
out.println(successpage.toString());

Can anyone tell what could be the problem with the scenario 1


Hope the question is clear

thanks in advance

Suresh
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I'm not sure I have the answer, but I do have a couple of points.

Firstly I'm not sure why you're using getContext("/"). I hope the forward is occuring in the same context, so you shouldn't need it.

You may not need to forward, and in fact using sendRedirect may be better. The user visits the login page, submits credentials to the servlet, the servlet response writes the session cookie and redirects to the next page. The other advantage is that if the user reloads the page, they don't try to login again!

As I said not sure it helps, but I hope it's useful anyway.
Dave
sureshbabu
Greenhorn

Joined: Dec 09, 2004
Posts: 8
Hi dave,
forgot to mention, the forward happens to a diffent web application in the same web container. For that reason, we used getContext("/").

Suresh
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

If you have two web applications, call them A and B, then you need to log into them both individually. Logging into A does not log them into B, even if it does give them a cookie with a session ID that is shared between the two contexts. The session isn't shared either, again they may have the same session ID, but they can't see each other's data.

My understanding is that you have two contexts (I'm not sure why it's two and not all in one). The user logs into A, and after logging in successfully they are sent the 'forwarded' reponse from context B. I'm assuming that the security in B requires authentication to access the forwarded respnse (otherwise it would breach B's security). Since the user is logged into A but not B, this fails and B sends back the login page instead.

This is all still guesswork based on you description.

Now, depending on the container you're using, it may be possible to log the user into B from A using so custom API call, but I've never seen it. If the container supports SSO (single-sign-on) this may help, but what I've seen hasn't been to promising.

Not too much help I'm afraid.
Dave
sureshbabu
Greenhorn

Joined: Dec 09, 2004
Posts: 8
To make it more clear why there are more than one context

We have three different web apps say A, B and C. End - users can access any of this application with the same user id and password, by login in seperately.

The requirement is such that, authentication for all these users should happen via another web app lets say D, that will authenticate the user and if the user exists, then redirects the user to the corresponding page from where the user came in (A or B or C). If the user does not exist, then it will redirect to an error page. The user can again try login to the web - app from the error page. Upon submitting the page, the authentication happens through the web-app D and the same process continues...

Hope my explanation is understandable.

regards
Suresh
 
Don't get me started about those stupid light bulbs.
 
subject: problem with request forward