redirection on login

 
Ranch Hand
Posts: 76
Hey all,

I need some help figgerin' this out. On my site, I have a page with links to other pages within the site. Before those links take you to the pages they point to, I want ya'll to log in first. Then after you've logged in, you will go to the page. I can handle the login page and checking a session object to see if login is true or not, but what I can't seem to figger out is how do I know which page ya'll clicked on. If you click on link A and login is false, I can force you to log in and do response.sendRedirect("linkA") but what if you click on link C? response.sendRedirect("linkA") isn't right anymore. How do I figger this out?
 
Rancher
Posts: 13459
Use Form based authentication. It manages this for you.
 
Ranch Hand
Posts: 15304
While using Form Based Authentication is a quick and easy solution, I don't always find it the best solution. Specifically, I try and make most of my webapps run in any container (Tomcat, Resin, etc). And most vendors' Form Based Authentication mechanisms differ slightly. Usually just in how it is configured.

For what you want to do, the process goes like this...

User clicks link that requires login
requested page is stored in the session
user redirected to login page
upon successful authentication, user redirected to page from session

I usually use a ServletFilter to process such things. I typically call it a SecurityFilter and it handles who gets to where in my application.
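
The four steps above as a servlet filter. This is an added example, not code from the post or its author; the class layout, session attribute names, `/login` and `/index.jsp` paths and the `redirectAfterLogin` helper are assumptions, and the filter is assumed to be mapped to the protected URLs in the deployment descriptor. The target is taken from the request on the server side and checked before use, so the post-login redirect cannot be pointed at another site.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; attribute names and paths are assumptions, not from the thread.
public class SecurityFilter implements Filter {
    static final String USER_ATTR = "user";           // set once login succeeds
    static final String TARGET_ATTR = "loginTarget";  // page requested before login
    static final String LOGIN_PATH = "/login";        // must itself stay reachable
    static final String DEFAULT_PATH = "/index.jsp";  // fallback when nothing usable was saved

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        String path = req.getRequestURI().substring(req.getContextPath().length());
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        if (loggedIn || path.equals(LOGIN_PATH)) {
            chain.doFilter(rq, rs);   // authenticated, or the login page itself
            return;
        }
        // Remember only GET targets: a redirect cannot replay a POST body.
        if ("GET".equals(req.getMethod())) {
            String query = req.getQueryString();
            req.getSession(true).setAttribute(TARGET_ATTR, query == null ? path : path + "?" + query);
        }
        resp.sendRedirect(req.getContextPath() + LOGIN_PATH);
    }

    // Called by the login handler after it has verified the credentials.
    static void redirectAfterLogin(HttpServletRequest req, HttpServletResponse resp, Object user)
            throws IOException {
        HttpSession session = req.getSession(true);
        String target = (String) session.getAttribute(TARGET_ATTR);
        session.removeAttribute(TARGET_ATTR);          // one-shot, never reuse a stale target
        // Accept only a path inside this app; "//host" would leave the site.
        if (target == null || !target.startsWith("/") || target.startsWith("//")) target = DEFAULT_PATH;
        req.changeSessionId();                         // Servlet 3.1+: fresh session id after login
        session.setAttribute(USER_ATTR, user);
        resp.sendRedirect(req.getContextPath() + target);
    }
}
```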
 
Jay Brass
Ranch Hand
Posts: 76
User clicks link that requires login
requested page is stored in the session
user redirected to login page
upon successful authentication, user redirected to page from session


That's kinda how I had it thought out. I guess my brain is having trouble with the page stored in session and getting it out of session bit. If it is a link and you click on it, how do you store that and send the user somewhere else? For some reason I just don't get that part.
Does each page need to have a check for login and if false redirect to login page and then return or does the main page immediately go to the login page (no matter what link was clicked on) and check for login and if successful or true redirect to linked page?
It can't be this difficult, my gray matter is just sleeping today.
 
Sheriff
Posts: 67746
Follow Gregg's advice on using a filter.
 
Saloon Keeper
Posts: 27764
Actually, if you want transparent access control, it's not the presentation part that's of concern, it's the authentication framework. In other words, what's really meant here is Container Based Authentication being used with an authentication Form as opposed to a Dialog or other request for credentials.

And, as far as this being server-dependent, container-based authentication is part of the J2EE standard as expressed in the schema (formerly DTD) for web.xml. I know of no modern server, be it simple (Tomcat, Jetty) or full (WebLogic, JBoss, WebSphere or JOnAS) where you would be obliged to make any mods to the deployable unit when you ported the app.

Different appservers have different ways (often multiple ways) to configure the container's authorization configuration, but that's an operational concern, not a software design consideration.

As a matter of fact, at the moment I'm in the process of converting our apps from container-based database security to container-based Active Directory security. The only changes that I've been forced to make to the apps are those where the original design used foreign keys on the application schema to refer to user definition tables now being replaced with LDAP entries. Which would be an issue whether we'd used container security, wrapper security (filters), or security coded internal to the apps.

I do make one qualification to this assertion. In Tomcat4, I discovered that it wasn't a good idea to include external references (CSS, graphics, etc) on the login forms themselves, since the diverter wasn't handling them properly. So my login pages are all self-contained.
 