Login with servlets, NOT validate->redirect way

Question

I'm new to servlets and jsp, but i can write simple ones. currently on all pages of my webapp, there is a login form, added with jsp:include. i want to create login mechanism, so that after a user is validated, i dont get redirected( simple servlet mechanism ), but login form disappears(like in most normal websites).

all the examples i find, they teach me how to validate+redirect. How can i do what i specified instead? if its complicated, then at least general direction, right now i don't even really know what to google for exactly.

Thanks

Do you not want _any_ redirect, or do you just not want that stupid "Thank you for logging in, click here if your browser does not automatically redirect you" screen? — Taymon, Apr 24 '12 at 17:39
maybe instead of including the login form as a jsp:include and then suppressing it with javascript upon successful login you would look at how to do a more proper login with, say, JAAS and your web.xml config? not sure what container are you running but this Tomcat realm guide can get you going: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html — Pavel Veller, Apr 24 '12 at 17:57
i dont want redirect at all, i want the jsp:iclude'ed login form to disappear, while staying at same page and user is logged in... — Sergey Sob, Apr 24 '12 at 18:06
I see. You would basically send the login information back to the server using AJAX (watch for http vs. https mismatch and same-original policy: http://stackoverflow.com/questions/6418620/jquery-ajax-and-ssl) and then fade the form away upon successful response using javascript. When you get to the point to render the page next time you would consult with your session state (for example) and decide whether to include it or not. You would also have to ensure you don't let your pages be cached in either state. Is that what you're looking for? — Pavel Veller, Apr 24 '12 at 20:24
that sounds like what i want, yes, xcept i have no idea about AJAX...yet...:/ is there some way to do it with servlets\JS combo? my project is about servlets. so basically if i understand u right that JAAS is more like what i SHOULD do, apart from what i want...? — Sergey Sob, Apr 24 '12 at 20:28

Kazekage Gaara · Accepted Answer · 2012-04-25T07:42:07.427

0

You can use a session variable to check if any user is currently logged in. If a user is logged in, then don't display the login form, simply display a logout button maybe. And if a user is not logged in, display the login form.

A session variable can be set like this :

HttpSession ses=request.getSession(); ses.setAttribute("name",user);

A session variable can be referred like this :

HttpSession ses=request.getSession(false); if(ses.getAttribute("name")== null) //set flag to default value and check flag to know no one is currently logged in else //set flag to some other value to show someone is currently logged in

EDIT

Use the following codes in your validation servlet and in your logout servlet(you would need one). For other things, you can use simple if-else conditions.

HttpSession ses=request.getSession(); ses.setAttribute("name",user);

And:

HttpSession ses=request.getSession(); ses.invalidate();

edited Apr 25 '12 at 07:42

answered Apr 24 '12 at 17:57

Kazekage Gaara

14,972
14
61
108

thanx a lot :) p.s. any idea how can i automatically resize pictures user uploads?? – Sergey Sob Apr 25 '12 at 09:59
No. Do your research and try first. If you still cannot find a solution, ask another question here. People would be glad to help. – Kazekage Gaara Apr 25 '12 at 11:05
Btw, you might want to upvote and accept answers as correct answers. :-) – Kazekage Gaara Apr 25 '12 at 11:06
it won't let me, not enough reputation :/ – Sergey Sob Apr 25 '12 at 20:40

jmruc · Answer 2 · 2012-04-24T20:39:25.080

Use two servlets - a login form jsp and a login authentication servlet. The login form jsp would be like your current jsp, but would not validate/redirect, just display the login form if the user is not logged in. You can check that with a session attribute. If the user is logged in, then it should just be blank when rendered. The login form itself should not redirect to another page, but do an AJAX request.

TL;DR: the login jsp needs to handle communication with the LoginServlet with javascript (AJAX).

login.jsp:

<% if (session.getAttribute("isLoggedIn") != null) {%>
    $.post('LoginServlet', function(data) {
        //hide this with js
    });
<% } %>

This will post to the LoginServlet, which would set the isLoggedIn attribute on successful login. It would also return some json or xml responce to the AJAX form.

public class LoginServlet extends HttpServlet
{
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) 
        throws ServletException, IOException
    {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");

        if (login(user, pass))
        {
            req.getSession().setAttribute("isLoggedIn", true);
            returnJsonOKAnswer();
        }
        else
        {
            returnJsonInvalidUserOrPassAnswer();
        }
    }
    //...
}

thanks, that really helped me a lot, though i don't know ajax, but u gave me an idea - i made a login.jsp with 3 if\elses that print different forms, according to session state that i alter with servlets. Just asking, is that a correct, nice way to do a login? — Sergey Sob, Apr 25 '12 at 07:38
@SergeySob Yes, that is correct. But it would still redirect you on login, no way around that if you use `
` - it sends you to another page. — jmruc, Apr 25 '12 at 11:54

Login with servlets, NOT validate->redirect way

2 Answers2