
User SignUp page. When a user presses the SignUp button, a servlet registers that user and then it must perform login and redirect to main page.

I tried http://anydoby.com/jblog/en/133 but it will not work.

I tried:

```java
if ( request.getUserPrincipal() == null ) {
  request.getSession(); // create session before logging in
  request.login( username, password );
}
```

Do I have to do anything with session? How to login/authenticate from code and then redirect to a page?

CodeGust
  • The question is unclear to me. You refer to an article which is 6 years old and describes a Tomcat hack rather than a regular solution. So it is not clear to me what you want to get. Moreover, it seems you know everything. To log in from code, use request.login( username, password ). To redirect to a page, do a redirect as usual. – michaldo Mar 28 '15 at 19:01
  • @michaldo The problem is that nothing happens. `getServletContext().getRequestDispatcher("/pages/Admin.jsp").forward(request, response);` When I press the browser's "back" button it just shows the login page, while it should always redirect to the main page when a user is logged in. – CodeGust Mar 30 '15 at 11:12
  • What does 'while it should always redirect to the main page when a user is logged in' mean? – michaldo Mar 31 '15 at 14:39
  • @michaldo When a user presses "login" button, the page is redirected to the main page, the session starts. Even if browser's back button is pressed or the url of the login page is manually typed, the user is shown the main page. That means, if a user is logged in one must not be able to see the login page. But when I try to login from code after signUp, user still can go to the login page that is not logged in. – CodeGust Mar 31 '15 at 18:01

1 Answer

It is hard to answer the question because I see some inconsistency in your explanations, or they are not complete. However, I will take a chance to guess the truth and give an answer.

The default login flow is well described in https://stackoverflow.com/a/9530082. You open a web page, and the server displays the login form. When you send the password, the server opens the page. That is the reason why the back button works: you asked for the same page twice, but the first time the login form was displayed. When you click 'Back' after login, you go back to the same page (the same URL).

You wrote: "Even if (...) the url of the login page is manually typed, the user is shown the main page." That is impossible unless you wrote custom code so that the main page is displayed if the user is already logged in. By default, the servlet specification does not block displaying the login page to users who are already logged in.

So if you have protection against display-login-form-for-logged simply apply it against display-signup-form-for-logged.

The simplest solution I verified is a servlet in front of the signup form. If the user is not logged in, continue to the JSP with the signup form. If the user is logged in, redirect to the main page. It is important to add `resp.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");` otherwise on the back button the servlet will not be called and the browser will display the cached form.

If you are still interested, let me know and I will share a GitHub example. But I think my explanation is enough to understand and solve your problem. (My example is rather not perfect because plain servlet authentication is complicated and I'm used to Spring Security.)

michaldo
  • Thank you! http://stackoverflow.com/questions/28510904/netbeans-tomcat-jsp-mysql-forms-login-and-session - that is how my main login works. On signup-button click, the form data is sent to a servlet, it writes it into the db and then uses that hashed password and username to login (no role needed?), then the servlet redirects the page. That is how it must work. – CodeGust Apr 03 '15 at 05:57
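
The flow discussed in this thread (a servlet in front of the signup form, programmatic `request.login`, a redirect, and the no-store header), as an added example that is not code from the question or the answer. It assumes the `javax.servlet` 3.1 API and a container realm that reads the same user table; the `/signup` and `/main` paths, the JSP location, the parameter names and the `UserRegistry` hook are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/signup")                       // hypothetical mapping
public class SignUpServlet extends HttpServlet {

    /** Hypothetical storage hook: hashes and stores the user where the realm looks it up. */
    public interface UserRegistry {
        boolean create(String username, String password);
    }

    private static void noStore(HttpServletResponse resp) {
        // Without this the back button shows the cached form and the servlet is never called.
        resp.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        noStore(resp);
        if (req.getUserPrincipal() != null) {            // already logged in: never show the form
            resp.sendRedirect(req.getContextPath() + "/main");
            return;
        }
        req.getRequestDispatcher("/WEB-INF/pages/signup.jsp").forward(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        noStore(resp);
        if (req.getUserPrincipal() == null) {
            String username = req.getParameter("username");
            String password = req.getParameter("password");
            UserRegistry registry = (UserRegistry) getServletContext().getAttribute("userRegistry");
            if (username == null || password == null || !registry.create(username, password)) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Sign-up failed");
                return;
            }
            req.getSession(true);            // session must exist before logging in
            req.login(username, password);   // submitted password; the realm checks it against the stored credential
            req.changeSessionId();           // Servlet 3.1: fresh session id once authenticated
        }
        // Redirect rather than forward, so the browser URL becomes the main page.
        resp.sendRedirect(req.getContextPath() + "/main");
    }
}
```

`req.login` throws `ServletException` when the realm rejects the credentials or a user is already authenticated on the request, which is why the call sits behind the `getUserPrincipal() == null` check.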