Login sessions

Kazi Siddiqui
Greenhorn

Joined: Apr 12, 2009
Posts: 6
Thanks to JavaRanch, NetBeans and a borrowed copy of Head First Servlets & JSP, I've constructed my first working web application. So far, it's just a collection of forms, servlets and JSPs that insert and retrieve data from a PostgreSQL database, but at least it's doing everything it's supposed to.

I was wondering if there's a tutorial on how to make the website available to only those people who have the correct password. I know about sessions, etc., but I'm getting confused trying to do it from scratch.
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9291
    

Well, you can use filter-based authentication or HTTP basic authentication to achieve your goal...


Kazi Siddiqui
Greenhorn

Joined: Apr 12, 2009
Posts: 6
Really? You mean there's no need to manually fetch user information from the database, or store the login state in cookies? No wait, I see it does use session attributes. Never mind.

Thanks!
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 37890
    
This sort of question is usually discussed on another forum. Moving.
Kazi Siddiqui
Greenhorn

Joined: Apr 12, 2009
Posts: 6
Okay, I tried my best to get HTTP basic authentication right. It's showing the dialog box at the right time, but it's not letting me into protected pages no matter what username and password I enter. I tried changing it to form-based authentication. It's showing the login form, but giving the same problem: sending me to the error page even if the given password is correct. I then discovered a chapter of Head First devoted to security, which made me change the "name" attributes in tomcat-users.xml into "username" attributes, but that doesn't seem to have made any difference. What could be causing this? Do you think switching to filter-based authorization might help? I'm out of ideas except for that one. The thing is, I'm not even sure Tomcat is reading its config files properly, since this version came bundled with NetBeans. I tried following this procedure, but nothing changed: http://www.onjava.com/pub/a/onjava/2002/06/12/form.html (I've changed it back now)

tomcat-users.xml:


web.xml: (partial)


PS. Could one of you geniuses please take pity on me and tell me the correct format, so I don't have to keep restarting Tomcat (which means turning NetBeans off and on in this slow machine) until I hit the correct permutation?
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Kazi Siddiqui wrote: servlets and JSPs that insert and retrieve data from a PostgreSQL database


Then why can't you check the username and password with the database? Personally, I prefer this approach. It is a standard way.

Hope this helps
Kazi Siddiqui
Greenhorn

Joined: Apr 12, 2009
Posts: 6
Seetharaman Venkatasamy wrote: Then why can't you check the username and password with the database? Personally, I prefer this approach. It is a standard way.

Hope this helps

I guess it looks like a lot of work now that I know there's an easier way. Besides, why won't this method work when I know it's supposed to? I just finished configuring everything like the guide said. Configuring the xmls, adding j_* into the form, etc. I feel bad removing all that again for no good reason. (that I understand anyway) Or is this sort of thing common with this method? Come on, there has to be some minor thing I've forgotten. Any suggestions? Please?

PS. I think I made exactly 3 changes to the project: 1) configured web.xml as above 2) configured tomcat-users.xml as above 3) added j_username, etc. to the login form. Is there anything else I should've done?



PPS. Okay, if I had to do the authentication part manually using servlets and JDBC, what would be the easiest way to keep unauthenticated people out of protected pages? Servlet Filters? Putting a little JSP on every page?
Mohamed Inayath
Ranch Hand

Joined: Nov 22, 2004
Posts: 124
Use a filter for authentication.
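
A filter of the kind suggested in this thread, as an added example that is not code from any of the posters. It assumes a hypothetical login servlet at /login that checks the password against the database and then stores the user name in a session attribute called authenticatedUser; the class name, attribute name and paths are illustrative.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Added example: rejects any request that has no authenticated session.
 * Map it in web.xml with <url-pattern>/*</url-pattern> so every page is covered.
 */
public class LoginFilter implements Filter {
    // Assumed names: the login servlet sets USER_ATTR after verifying the
    // password (for instance via JDBC) and serves its form at LOGIN_PAGE.
    // That servlet should invalidate the old session and create a new one
    // before setting the attribute, so a pre-login session id is not reused.
    static final String USER_ATTR = "authenticatedUser";
    static final String LOGIN_PAGE = "/login.jsp";
    static final String LOGIN_ACTION = "/login";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Path inside the web app, without context path or query string.
        String path = req.getServletPath()
                + (req.getPathInfo() == null ? "" : req.getPathInfo());

        // Exact-match allowlist: only the login form and its handler pass
        // unauthenticated. Anything else, odd paths included, is denied.
        if (path.equals(LOGIN_PAGE) || path.equals(LOGIN_ACTION)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false): never create a session for an anonymous visitor.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }

        // Keep protected pages out of browser and proxy caches after logout.
        res.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, res);
    }
}
```

Stylesheets and images used by the login page would need their own entries in the allowlist, since everything not listed is redirected.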
 