Hi Everyone,
I am writing a small web based application which requires user authentication.For this I am using two servlets and a html form.The user enters the loginid and password in the html form and this information is passed to the first servlet.the servlet verifies the login and if its ok sets a session id and invokes another servlet using the requestDispatcher.forward() method.The second servlet retrives the session id and if its a valid session, processes the user request.
To ensure that no one gets to the second servlet directly(by bypassing the login page and the first servlet), I try to retrieve the session id in the 2nd servlet and if there is no such id i print a error message.My problem is when i try to access the second servlet directly, "i get a page not found" error rather than my own error message.
i am attaching the code for my second servlet.any help in this regard would be greatly appreciated.
System info
Windows NT 4.0
IIS 4.0
JRun 3.1 servlet engine
Subbu

import java.io.*;
import java.sql.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class loggedin extends HttpServlet
{
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
{
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("<html><head><title>My First Servlet");
out.println("</title></head><body>");
ServletContext context = getServletContext();
String attributecookie = (String)context.getAttribute("XXXXXXXXX");
HttpSession session = req.getSession(false);
String sessioncookie = (String)session.getValue("XXXXXXXXX");
out.println("<p>The Session id is" + sessioncookie + "<p>");
out.println("<p>The attribute id is" + attributecookie + "<p>");
if(((attributecookie.length())==0) | | ((sessioncookie.length())==0))
{
out.println("<p>You are not authorized to view this page<p>");
out.println("<p>Please relogin<p>");
out.println("</body></html>");
}
else
{
if((attributecookie.compareTo(sessioncookie))==0)
{
out.println("<p>The Session id is" + sessioncookie + "<p>");
out.println("<p>Session established<p>");
out.println("</body></html>");
try
{
session.removeValue("XXXXXXXXX");
}
catch(IllegalStateException e)
{
out.println("Illegal State exception");
}
session.invalidate();
//context.removeAttribute("XXXXXXXXX");
}
else
{
out.println("<p>You are not authorized to view this page<p>");
out.println("<p>Please relogin<p>");
out.println("</body></html>");
}
}
}
}

Hi, there:
The problem probably happens on your URL used in your 1st servlet when you tried to forward request. The URL used in getRequestDispatcher(url) is supposed to be one relative to the server root.
David

What I am trying to say is, when i try to access directly without going thro the first servlet, i get a "page not found" error message.i want to print my own error message and probably redirect the user to the login page again.but i am not able to do so.

Originally posted by Subbu Aswathanarayan:
Hi Everyone,
I am writing a small web based application which requires user authentication.For this I am using two servlets and a html form.The user enters the loginid and password in the html form and this information is passed to the first servlet.the servlet verifies the login and if its ok sets a session id and invokes another servlet using the requestDispatcher.forward() method.The second servlet retrives the session id and if its a valid session, processes the user request.
To ensure that no one gets to the second servlet directly(by bypassing the login page and the first servlet), I try to retrieve the session id in the 2nd servlet and if there is no such id i print a error message.My problem is when i try to access the second servlet directly, "i get a page not found" error rather than my own error message.
i am attaching the code for my second servlet.any help in this regard would be greatly appreciated.
System info
Windows NT 4.0
IIS 4.0
JRun 3.1 servlet engine
Subbu

import java.io.*;
import java.sql.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class loggedin extends HttpServlet
{
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
{
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("<html><head><title>My First Servlet");
out.println("</title></head><body>");
ServletContext context = getServletContext();
String attributecookie = (String)context.getAttribute("XXXXXXXXX");
HttpSession session = req.getSession(false);
String sessioncookie = (String)session.getValue("XXXXXXXXX");
out.println("<p>The Session id is" + sessioncookie + "<p>");
out.println("<p>The attribute id is" + attributecookie + "<p>");
if(((attributecookie.length())==0) | | ((sessioncookie.length())==0))
{
out.println("<p>You are not authorized to view this page<p>");
out.println("<p>Please relogin<p>");
out.println("</body></html>");
}
else
{
if((attributecookie.compareTo(sessioncookie))==0)
{
out.println("<p>The Session id is" + sessioncookie + "<p>");
out.println("<p>Session established<p>");
out.println("</body></html>");
try
{
session.removeValue("XXXXXXXXX");
}
catch(IllegalStateException e)
{
out.println("Illegal State exception");
}
session.invalidate();
//context.removeAttribute("XXXXXXXXX");
}
else
{
out.println("<p>You are not authorized to view this page<p>");
out.println("<p>Please relogin<p>");
out.println("</body></html>");
}
}
}
}

Hi,
This has nothing to do with your servlet code. As, you are getting page not found error, Check for Servlet mapping in the server and if you specify URL correctly.

If I am not mistaken, your servlet do not have doGet() method. that may be the problem

Hi Cynthia,
Its working fine after i put the doGet() method.thanks a lot.
Subbu