• Post Reply Bookmark Topic Watch Topic
  • New Topic

How to force login?

 
Paulo Aquino
Ranch Hand
Posts: 202
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi guys! Need your help here.
You see I've been developing an application and most of them are in jsp pages. There are certain parts of that application that needs the user to login first before he can view that page. I need to check for that and tell the user that he/she needs to login and redirect him/her to the login page, after which when he/she finishes typing his/her username and password he will be redirected to the page that he tried to access earlier wherein he was forbidden because at that time he still doesn't have full access to it. How do I do that?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65516
105
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are any number of suitable mechanisms, but I usually use a servlet filter for such tasks. The filter can determine if the page requires authentication, and if a login has not yet occured, forward to the login page rather than the requested resource. That original requested resource can be carried along as a request parameter or written into a hidden form element in the login form.
 
Paulo Aquino
Ranch Hand
Posts: 202
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Bear Bibeault
thanks for the respomse.

How about the others? anymore suggestions?
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What you are asking for is provided by Form Based Authentication. YOu restrict parts of your app and let t he container handle the authentication. What happens is your user makes a request for a restricted resource, that request is held by the container if the user is not authenticated. The user can then try to log in - if successful the container will redirect to the original request. Have a look at the servlet spec. for details.

Bear's solution is basically a hand-coded version of the same, and is good if you have extra stuff you need to do other than just authentication and authorization.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!