GeeCON Prague 2014*
The moose likes Servlets and the fly likes User Auth Using Cookies Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "User Auth Using Cookies" Watch "User Auth Using Cookies" New topic
Author

User Auth Using Cookies

Nick Fernandez
Greenhorn

Joined: Apr 01, 2008
Posts: 10
Hi,
I seem to have tied myself in circles posting (using POST) a users password from a JSP page to a servlet.
If the posted password matches what is listed in the servlet then the inbound ServletData(com.javaranch.common.ActionServlet) object is opened and the HttpServletResponse object is extracted, has a cookie added to it and then is used to form part of a new ServletData object passed to a newly created 'action' within the same servlet.
NOT using forward() or redirect(). The code should make this a bit clearer.

This new doAction() method should then check to see that the incoming ServletDataObject has the correct cookie for access, then write out a jsp page if so.

What I am finding is the first time I click 'submit' on the password page that it doesn't send me to the error page, but neither do I get sent to the new JSP. All it does is add the Jsession id to the URL, the second time I hit submit it is ok.

I found this post http://www.coderanch.com/t/362557/Servlets/java/cookie-questions

But am still not clear what is going on.

The login jsp is :-



In the servlet I have


Which leads to :-


Calling new ListVideos().doAction(newServlet). Usually called from inbound post requests from client. In this case called from servlet itself, is this acceptable?

So first time I submit the login JSP

Orion server log outputs
127.0.0.1 - - [01/Apr/2008:19:41:23 +0000] "POST /videos2/servlet/VideoServlet;jsessionid=PEEEHHKHLHJB HTTP/1.1" 200 502

second time

127.0.0.1 - - [01/Apr/2008:19:42:20 +0000] "POST /videos2/servlet/VideoServlet HTTP/1.1" 200 694

Checking in firefox and opera I can see the correct cookie has been created and it allows me to do other things without logging back in,

I have the sinking feeling I have missed the point.
It was supposed to be an exercise in MVC Model 2.

but never mind.

cheers

Nick

[ April 01, 2008: Message edited by: Nick Fernandez ]
[ April 02, 2008: Message edited by: Marilyn de Queiroz ]
Sudhakar Duraiswamy
Ranch Hand

Joined: Dec 20, 2007
Posts: 43
Hi Nick,
Assuming you having givena correct password ,dont you think this would lead to an infinite loop.


sudhakar.D


Sudhakar
SCJP 5.0 93%| SCWCD (prep. ongoing))
Nick Fernandez
Greenhorn

Joined: Apr 01, 2008
Posts: 10
My apologies. The code for new ListVideos().doAction(newServlet) is not shown.
I guess you thought I was sending VideoLogin back to itself. This is not the case.

I was trying to avoid it, but the complete code is posted below.
Usually the relevant 'action' is called using POST from a JSP page.

But by using new ListVideos().doAction I am calling an action directly\building an instance of private class ListVideos, calling its doAction method and passing it a ServletData object, all from within private class VideoLogin within the servlet. Is this acceptable?

thanks

Nick


[ April 02, 2008: Message edited by: Marilyn de Queiroz ]
Marilyn de Queiroz
Sheriff

Joined: Jul 22, 2000
Posts: 9046
    
  10
Originally posted by Nick Fernandez:
I seem to have tied myself in circles posting (using POST) a users password from a JSP page to a servlet.
If the posted password matches what is listed in the servlet then the inbound ServletData(com.javaranch.common.ActionServlet) object is opened and the HttpServletResponse object is extracted, has a cookie added to it and then is used to form part of a new ServletData object passed to a newly created 'action' within the same servlet.
NOT using forward() or redirect(). The code should make this a bit clearer.

Calling new ListVideos().doAction(newServlet). Usually called from inbound post requests from client. In this case called from servlet itself, is this acceptable?

I have the sinking feeling I have missed the point.
It was supposed to be an exercise in MVC Model 2.

Let me begin by saying that you are welcome to post in the Cattle Drive forum since you are working on a Cattle Drive assignment (and welcome to JavaRanch, by the way). I felt that I had to remove your code because if you post great code for these assignments, you will be robbing others of an education, and Google is everyone's friend. Pseudocode is more than welcome.

I think I can respond to your questions without the code, however. The idea is that you use the videologin.jsp to log in (obviously), which sends you to the servlet, which by default sends you to listvideos.jsp which sends you to the servlet when you click on the "add a new video" button which sends you to the addvideo.jsp which sends you to the servlet which sends you to the listvideos.jsp.

You should not be going from servlet to servlet nor from jsp to jsp. Does that help?


JavaBeginnersFaq
"Yesterday is history, tomorrow is a mystery, and today is a gift; that's why they call it the present." Eleanor Roosevelt
Nick Fernandez
Greenhorn

Joined: Apr 01, 2008
Posts: 10
Hmm,

Food for thought.

thanks Marilyn!

cheers

Nick.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: User Auth Using Cookies