Hi Everyone,
I am writing a small web based application which requires user authentication.For this I am using two
servlets and a html form.The user enters the loginid and password in the html form and this information is passed to the first servlet.the servlet verifies the login and if its ok sets a session id and invokes another servlet using the requestDispatcher.forward() method.The second servlet retrives the session id and if its a valid session, processes the user request.
To ensure that no one gets to the second servlet directly(by bypassing the login page and the first servlet), I try to retrieve the session id in the 2nd servlet and if there is no such id i print a error message.My problem is when i try to access the second servlet directly, "i get a page not found" error rather than my own error message.
i am attaching the code for my second servlet.any help in this regard would be greatly appreciated.
System info
Windows NT 4.0
IIS 4.0
JRun 3.1 servlet engine
Subbu
import java.io.*;
import java.sql.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class loggedin extends HttpServlet
{
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
{
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("<html><head><title>My First Servlet");
out.println("</title></head><body>");
ServletContext context = getServletContext();
String attributecookie = (String)context.getAttribute("XXXXXXXXX");
HttpSession session = req.getSession(false);
String sessioncookie = (String)session.getValue("XXXXXXXXX");
out.println("<p>The Session id is" + sessioncookie + "<p>");
out.println("<p>The attribute id is" + attributecookie + "<p>");
if(((attributecookie.length())==0) | | ((sessioncookie.length())==0))
{
out.println("<p>You are not authorized to view this page<p>");
out.println("<p>Please relogin<p>");
out.println("</body></html>");
}
else
{
if((attributecookie.compareTo(sessioncookie))==0)
{
out.println("<p>The Session id is" + sessioncookie + "<p>");
out.println("<p>Session established<p>");
out.println("</body></html>");
try
{
session.removeValue("XXXXXXXXX");
}
catch(
IllegalStateException e)
{
out.println("Illegal State exception");
}
session.invalidate();
//context.removeAttribute("XXXXXXXXX");
}
else
{
out.println("<p>You are not authorized to view this page<p>");
out.println("<p>Please relogin<p>");
out.println("</body></html>");
}
}
}
}