This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Servlets and the fly likes How to create a Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to create a "Check Login" script which sends a response?" Watch "How to create a "Check Login" script which sends a response?" New topic
Author

How to create a "Check Login" script which sends a response?

Michael Cropper
Ranch Hand

Joined: Sep 30, 2009
Posts: 137
I have created a login java file which works fine, although I want to use "response.sendRedirect(somepage.jsp)" to forward the user on if they are not authorised to view this page.

Although since I am calling this java file from a servlet, I am getting the error "Cannot forward after response has been committed" when I try to view a page I shouldn't when not logged in.

This is due to me having a "response.sendRedirect()" in the java file and also one in the servlet.

Since there are going to be several servlets using the "check login" script I needed to put it into a separate file so it saves repeating loads of code in each servlet.

How can I do what I have done so it will work correctly?

Thanks
Michael
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60732
    
  65

This should be something that you check independently of any servlets in a filter. That way, you (a) don;t have a bunch of repeated code in each servlet checking authentication, and (b) the filter can make its decision prior to any servlet deciding to emit output (after which the response becomes committed).


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Michael Cropper
Ranch Hand

Joined: Sep 30, 2009
Posts: 137
Thanks for the quick response.

I have not used filters before although just had a quick read up on them and it seems like I would put them in the Document Descriptor for all URLs containing /restricted/*

Then what happens whenever someone tries to access one of those files, the request first gets passed through a java file which does all the authentication checking based on the HttpSession data & redirects the user if they are not authorised.

Have I got the gist of that correctly?

Sounds simple enough..... now time to give it a go :-)

Thanks
Michael
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Michael Cropper wrote:Have I got the gist of that correctly?

Yup.
Sounds simple enough..... now time to give it a go :-)

Let us know how it works out.
Michael Cropper
Ranch Hand

Joined: Sep 30, 2009
Posts: 137
Let us know how it works out.


Worked out great Only took about 1 hr to get it all working correctly.

Noticed that there is such a thing as a 'response filter' too which sounds pretty cool, so ill have to read up on that too.

Thanks
Michael
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60732
    
  65

No, there's no concept of a separate "response filter". A servlet filter wraps the entire request/response.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to create a "Check Login" script which sends a response?
 
Similar Threads
Optimizing Session tracking code.
common URL Mapping for filter
Display error message from Java Helper class
how to let Java login tomcat form authorization
session invalid problem