Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Checking for a logged in user in all jsp pages

 
Anthony Smith
Ranch Hand
Posts: 285
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I got an app that I am trying to build. What is the best way to check on all
my pages if the user is logged in and if he is not kick him to a login page or to a page that says you are not logged in?
In my case, logged in would consist of a user object in a session.
 
Hans Sponger
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I assume you first make some decision if the user should be logged in or not, such as password verification.
Once you decide the user is logged in, you can add an attribute to the session.
For example, if you have some variable 'user' that references some User object:

Then at the top of each page you need to enforce that the user is logged in:

Note: response.sendRedirct(url) must be called before anything is written to the reponse
[ April 08, 2004: Message edited by: Hans Sponger ]
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64972
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rather than polluting each page with such processing, look into writing a servlet filter to perform such checks.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
or have a look at the authentication built into application servers. You'll want to look at basic or form-based authentication. This is declaritive rather than programatic, so you don't need to worry about writing the same code into all of your JSPs.
Dave
 
Gert Cuppens
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm handling this type of problem using one central servlet. As soon as a form is submitted, the servlet checks the name of the form, the button clicked by the user and then it decides which page should be showed. But before this happens, each time I do a check whether I have a session containing a user :
private String controleerSessieEnGebruiker ( HttpServletRequest request)
{
String requestedPage = null ;
HttpSession session = request.getSession(false);
if (session == null) requestedPage = ERROR_PAGE;
else {
Gebruiker gebruiker = (Gebruiker) session.getAttribute("gebruiker");
if (gebruiker == null)
{
requestedPage = ERROR_PAGE;
Uitzondering uitzondering = new Uitzonderin(2,0, "gebruiker onbekend");
session.setAttribute("uitzondering", uitzondering);
} /* gebruiker == null */
} /* session != null */
return requestedPage;
} /* controleerSessieEnGebruiker */
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic