
How to implement authentication for each jsp page

 
anees ahamed
Ranch Hand
Posts: 31
Hi experts,

Hope you might have understood my question from the title itself.

To be more precise, I have an application in which there are 5-10 JSP pages. The entry point of the application is login.jsp.

When login.jsp is submitted, it goes to a servlet and from the servlet to an authentication method inside a bean. It performs the required checking and transfers the user to the next page (default.jsp), if he is a valid user.

Now, if a person accesses the default.jsp page straightaway, he can access it.

My question is, how can I restrict the users from accessing the other JSP pages straightaway without authentication? What is the most common and effective method used for it? Do I need to set some values in the session once I perform the authentication check for login.jsp and use them for the other JSPs, or are there any other better methods?

If I am unclear somewhere in my question, kindly say, so that I will explain it.

Please help with a solution.

Regards,
Anees
 
Shailesh Narkhede
Ranch Hand
Posts: 368
 
Nishan Patel
Ranch Hand
Posts: 689

Hi,

I think you have to make a filter, like a login filter, which checks the user session, I mean checks whether the user is logged in or not.

Using this, you can apply this filter to every request.

So, before each request, it calls the filter and checks for user authentication.

 
anees ahamed
Ranch Hand
Posts: 31
Hi,
Given below is a suggestion which I got from one of my friends who works in J2EE. Kindly say whether this is a good approach.

You can save the logged-in user_id in the session at login with request.getSession().setAttribute("user_id",user_id), then check this user_id in every init servlet you have or in the JSP, or make a BasicServlet, let all your servlets extend from it and put this check in it; if request.getSession(false).getAttribute("user_id") == null, then throw an exception.
 
Nishan Patel
Ranch Hand
Posts: 689

Hi,

Yes, you can do it this way. But then you have to put that session-checking code in every JSP; you can instead put that code into a Filter and apply that filter as per your requirement.

 
Ulf Dittmer
Rancher
Posts: 42967
73
Saving the userID in the session is a good start. You could combine that with a servlet filter that gets applied to all JSPs. Instead of it throwing an exception, it could just redirect to the login page.
 
anees ahamed
Ranch Hand
Posts: 31
Hi,
I use request.getSession(false).getAttribute("user_id") == null to check whether the user is in session.

I have written a filter. I presume that I should use the above check in the public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) method of the filter class.

If it is so, ServletRequest request does not have the method getAttribute.

What is the solution for this? Or is it in some other way that I should perform this session checking in the filter?

Please help with a solution.

Regards,
Anees
 
Nishan Patel
Ranch Hand
Posts: 689

Hi,

You can cast your request object of type ServletRequest to HttpServletRequest, like....



Now, using the httpReq object, you can access the properties of HttpServletRequest.



 
anees ahamed
Ranch Hand
Posts: 31
Nishan,
I did as per your suggestion.
But I get a null pointer exception from

httpReq.getSession(false) in doFilter
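
The filter approach discussed in this thread, written out as an added example (not code posted by any participant). It redirects to the login page instead of throwing, and it covers the case where getSession(false) returns null. The class name LoginFilter and the "/login" servlet mapping are assumptions; "user_id", login.jsp and httpReq come from the thread.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Map this filter to /* in web.xml so every JSP and servlet request passes through it.
public class LoginFilter implements Filter {

    // Paths reachable without a login. "/login" is an assumed mapping for the login servlet.
    // Exact matches only: any path that is not listed here is treated as protected.
    private static final Set<String> PUBLIC_PATHS =
            new HashSet<String>(Arrays.asList("/login.jsp", "/login"));

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // The session API lives on the HTTP-specific subtypes, so cast first.
        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpRes = (HttpServletResponse) response;

        // getSession(false) returns null when no session exists yet. Test for that
        // before reading the attribute; calling getAttribute on null throws
        // NullPointerException.
        HttpSession session = httpReq.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user_id") != null;

        if (loggedIn || PUBLIC_PATHS.contains(httpReq.getServletPath())) {
            chain.doFilter(request, response);   // authenticated, or a public page
        } else {
            // Unauthenticated request for a protected resource: send to the login page.
            httpRes.sendRedirect(httpReq.getContextPath() + "/login.jsp");
        }
    }

    public void destroy() { }
}
```

Any stylesheet or image that login.jsp itself loads must also be listed in PUBLIC_PATHS, otherwise the filter redirects those requests too.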