• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

how do I know what the user has clicked?

 
Ranch Hand
Posts: 1561
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi guys.. simple example:
a user wants to post a product (post.jsp), he/she clicks on the post link. The application checks the session and notices that the user has not logged in. The servlet redirects to login.jsp. After the user types user name/password and clicks the submit button, I want my application to redirect the user automatically to post.jsp. How do I do that?
thanks..
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Have a look at Basic or Form-based authentication first (form-based by preference), since this supposed to be built into J2EE complient application servers and does exactly this.
There isn't a problem explitly handling security in small sites, but it becomes a chore in larger sites. Rather than having to write security info into every page, this allows you to manage security via configuration.
The downside is having to 'give up' responsibility, which is always a problem for programmers, but it's a better way to go in the long run.
 
Andres Gonzalez
Ranch Hand
Posts: 1561
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks david.. I was expecting something really different, like "use this to keep the url stored somewhere... blah bla ". It is for example when you post a message in javaranch you get some sort of advise saying:
"sit tight, we are taking you back to..." and it redirects you where you were located.. like that..
I'll do some research on what you advised and will let ya know..
thanks
 
Ranch Hand
Posts: 1055
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think you are talking about the refresh header.
 
Ranch Hand
Posts: 102
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You should use the meta tag in the header part of the html
and write some message in body
I think this is a simple method to achieve that
Rishi
 
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When the user is redirected to the login.jsp page, you'll want to save the post.jsp page in the session as the "target" or some such. Once the user is validated, forward them to the target page.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The session is one place to keep the redirect URL and a cookie is another. I prefer to use the session, but I believe WebSphere uses cookies.
After you have authenticated the user, you will be more likely to want to redirect to the original page rather than forwaard or include it.
The first (lesser) reason is that it changes the URL seen in the location bar to the correct page instead of the login page.
The more important reason is that if you forward or include the next page, they share the same request and response and therefore the authentication credentials are still available.
This is unlikely to be a problem if you are writing the entire thing yourself, but when you have multiple developers you'd have to trust them implicitly (i sound like a security guy).
 
Andres Gonzalez
Ranch Hand
Posts: 1561
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok David... let me get your idea.
1o.) the user tries to access a member's page.
2o.) the application that I'm entirely building checks that the user has not logged in. It redirects (or forward??) it automatically to login.jsp.
3o.) when the user types username/password and click submit, the application redirects the user to the page he/she wanted to access before.
am I complicating myself? should I redirect the user to the main page?


After you have authenticated the user, you will be more likely to want to redirect to the original page rather than forwaard or include it.
The first (lesser) reason is that it changes the URL seen in the location bar to the correct page instead of the login page.


to be honest I've never used redirect, I always use forward. What i've read is that redirect creates a new request, right? if I use redirect, do I loose my session? ...
this might sound like dumb questions but I need clarification.
thanks
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You are correct, but I'll just step through in slightly more detail...
  • user requests a secured page - member.jsp
  • member.jsp tests and sees that the user has not been authenticated.
  • member.jsp first writes its details to the session and then does a forward, include or redirect to login.jsp (more on this later)
  • user actually gets sent the login page.
  • user puts in security credentials and submits the login page to a login processing servlet - eg LoginServlet
  • if the user is authenticated, LoginServlet does a redirect to the page that was originally requested.


  • In the third step, there isn't a huge difference that I can tell, but I still prefer to use the redirect since then it will display the login jsp name in the location bar - it is lesslikely that users will get confused as to what is happening (this is not the page you are looking for)
    As to the use of response.sendRedirect, yes it does create a new request and response, but the application server will protect you from losing the session.
    Dave
     
    Chris Reeves
    Ranch Hand
    Posts: 95
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    David -
    Right on about the redirect vs. forward.
    From here on out, if I say "forward", that's just code for "redirect".
     
    David O'Meara
    Rancher
    Posts: 13459
    Android Eclipse IDE Ubuntu
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    I thought that might be the case
    Thats why I usually try to say 'include', 'forward' or 'sendRedirect' so that it matches what is happening. (pretty sure I messed up somewhere above anyway)
    Sometimes I confuse myself when I start including 'redirect' and multiple (english as opposed to JSP) definitions of 'include', 'forward' etc.
     
    Ranch Hand
    Posts: 1873
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    hi
    i'm too late to read this message but i did exactly the same.
    i used getPathInfo() method of the the Request.
    this is how it works,
    requested page
    http://.../jsp/displayProducts.jsp
    where i found the user is not logged on. so i redirect to the below servlet using,
    http://..../servlet/myservlet/jsp/displayProducts.jsp
    now when the webserver looks servlet in the request it passes request to my servlet and i can get /jsp/displayProducts.jsp using getPathInfo() and i used to store it in the session as far as i needed it and then was removing it.
    regards
    maulin
     
    Andres Gonzalez
    Ranch Hand
    Posts: 1561
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    getPathInfo() . this is the one I need..
    thx
     
    Politics n. Poly "many" + ticks "blood sucking insects". Tiny ad:
    a bit of art, as a gift, the permaculture playing cards
    https://gardener-gift.com
    reply
      Bookmark Topic Watch Topic
    • New Topic