This week's book giveaway is in the Jython/Python forum.
We're giving away four copies of Murach's Python Programming and have Michael Urban and Joel Murach on-line!
See this thread for details.
Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Verification of my login page  RSS feed

 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I have created a jsp page named Login.jsp, here's the followings code:

is that the structure of my page is correct according to you?
i create a new folder below WebContent in my project, named "authentication" and i placed below home.jsp.
This page will display, if the login and password is correct.
Also, i change some thing in web.xml of project :

When i enter "http://localhost:8080/Gestion_de_stock/authentication/home.jsp" many problem appears :
Firstly, the login page doesn't display with the style that i made in a css file "style.css"
Also, when i enter a correct login and password an error page display and a url i don't know where it comes from "http://localhost:8080/Gestion_de_stock/authentication/image/top_logo.png"
Would you please help me to find out my problem, and thank you in advance :)
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You have designed and configured a container-managed login.

Container-managed security, as its name implies is handled by the container (web server), not by the web application itself. All the web application does is indicate to the server when authentication is required, what transport channel (BASIC or FORM) will be used to demand credentials, and in the case of FORM-based login, the templates for the login and loginfail forms.

This means:

1. You cannot direct a user directly to the login page via a URL. In other words, "http://www.myserver.com/myapp/login.jsp" will not work properly. It will present the login page, but that page will not be connected to the container's login process, and therefore won't work. To get a login page, the user has to request one of the protected URLs that you defined in the WEB-INF/web.xml file. This will cause the server to check to see if the user is logged in, run the user through the login process, if needed, then present whatever page would normally come from requesting that protected URL.

2. You cannot write special login logic, provide additional login parameters, or expect special post-login or login-fail actions. The login process is handled by a special plugin (Realm) to the server, using a common interface method (authenticate), which accepts 2 parameters (user ID and password) from the container (obtained from the login/loginfail form) and returns a OK/failed status. To repeat, then, no application logic is involved in the container login process.

I think you understood this, based on your examples, but I like to repeat it often, because a lot of people do not.

You do have one problem, however. You have defined a rule that requires authentication on ALL URLs, including the CSS and image URLs on your login/loginfail pages. In other words, to retrieve and display the logo on the login page, you have to already be logged in. In theory, this should have caused some sort of recursion problem, but in reality what I've seen is basically what you reported.

I prefer to keep a public "hello" page myself, so that users can tell what site they've landed on and general news can be displayed. From there I can direct them to the secured part of the site.

And, of course, I exempt the CSS and image URLs from being secured.

 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for your reply,
I just want to know ho can i solve my problem, i read your reply many times and i don't know how can i solve my problem
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When i put my jsp page login.jsp without style, and a simple page home.jsp it's work very well
login.jsp:

authentication.jsp:

and the web.xml remains the same, i'm stuck :'(
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

You do have one problem, however. You have defined a rule that requires authentication on ALL URLs, including the CSS and image URLs on your login/loginfail pages. In other words, to retrieve and display the logo and CSS on the login page, you have to already be logged in. Except that you're not logged in or you wouldn't be seeing the login page. In theory, this should have caused some sort of recursion problem, but in reality what I've seen is basically what you reported.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to thank you for your reply,
I would like to know what needs to be changed to make it work,please
and thank you in advance :)
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I understood what you said, but i don't know how can i applied it :(
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
http://www.coderanch.com/t/630155/Servlets/java/url-pattern-url-pattern-web

Same basic problem. Trying to match too many URLs in one pattern.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for your reply :)
the authetication work now, i just replace \* by \home.jsp in web.xml.
But, why the login page displaied without style defined in style.css??

 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Use a server-relative path to include the CSS file: http://www.coderanch.com/how-to/java/TypesOfPaths
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you very much,
It work now, i just replace href="/inc/style.css" by href="<%=request.getContextPath()%>/inc/style.css"
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65826
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sigh. You should be using the EL rather than scriptlet expressions.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Where should i use the EL expression? I didn't use code java here !
I have another problem, when i want to logout,

The authentication page displayed and not the login page.
Andi if i change the href to "Login.jsp", when i want to login another time an error appears.
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Where should i use the EL expression? I didn't use code java here !

You do here: <%=request.getContextPath()%>. You can use a functionally equivalent EL expression instead of scriptlets.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you mean this expression ?
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What about the other question ?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65826
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is the other question? And, you should not be using the deprecated font tag.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have another problem, when i want to logout,

The authentication page displayed and not the login page.
Andi if i change the href to "Login.jsp", when i want to login another time an error appears.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!