0

EDIT:

Ok I will attempt to dumb down this explanation because i cannot seem to find any resources online and I did a horrible job explaining it the first time. What my goal is:

Start off in any JSP (it can be anywhere the user can visit in the site), but for argument sake lets say index.jsp. The user attempts to do something that requires a login and thus is prompted to do so at another page called login.jsp. Now the user logs on by submitting the form which is sent to an authentication servlet AND they are redirected back to wherever they were originally, but in this example case index.jsp. Now below I explain what I did thus far. I tried Session but there is this weird quirky behavior that caused me to not send the URL through that. I also don't want to append the URL through GET since doing so will show it and it will just look ugly. Is it possible to do this while hiding that logic from the user?

What I have tried thus far is anytime a page will direct a user to login, I append the URL but send it to my Authenticate.java servlet. There it calls the doGet() which redirects to login and thus is accessible to my login.jsp from the request variable. Problem is the URL isn't even pointing to login.jsp but to my authenticate servlet and the appended url. So it should be:

http://localhost:8080/app/login

but it says 

http://localhost:8080/app/authenticate?url=/index.jsp

I'll provide my code so it makes a bit more sense. If any explanation is needed please don't hesitate to ask! Thanks.

UPDATE:

Ok, it seems I needed to update/ To address Hardik Mishra's concerns, I apologize for putting redirect. I used the term generically/loosely since redirect to me could of meant just passing another page some info by directing it since it is a controller. As you can see I am obviously using a RequestDispatcher. I am competent enough to read the docs and thus I can tell that response has a sendRedirect() method in which I could of used. But like I mentioned above, I DO NOT want to use a Session for the reasons mentioned above. sendRedirect() doesn't keep the same request I loose the information. But since you were also confused as to where I was getting those URL's, I will provide an EXAMPLE calling JSP. The reason I never included it is because the point is to always take back the user to where they originally were regardless of which JSP they were interacting with before being asked to login. The example JSP which in my case I was using will be added above Auth.java for clarity. It also seems I added isLoggedIn() from AuthUtilities prematurely and that may have added to the confusion so again, apologies.

index.jsp

<%@ page import="com.myapp.app.AuthUtilities, com.myapp.app.Dbase" %>

<html>
<head>

    <title>Home</title>
</head>
<body>
    <h3><%= AuthUtilities.isLoggedIn(session, request) %></h3>
    <CENTER>
    <h2>Welcome to UniHub! <%= request.getServletPath() %></h2>

    <form ACTION="le_test" METHOD="POST">
        <input TYPE="text" name="query">
        <input TYPE="submit" value="Search"><br>
    </form>
    </CENTER>
    <hr>
    <a href = "home">home</a>
</body>

</html>

Auth.java

@WebServlet("/authenticate")
public class Auth extends HttpServlet {
@Override
public void doPost(HttpServletRequest req, 
    HttpServletResponse res) throws ServletException, IOException {

    String servletPath = (req.getAttribute("url") != null) ?
        ((String)req.getAttribute("url")).replaceFirst("/", "") : "home";

    if(AuthUtilities.authenticate(userName, password)) {
        res.sendRedirect(servletPath);
    }
    else
        res.sendRedirect("login");

}//end of doPost method

public void doGet(HttpServletRequest req,
    HttpServletResponse res) throws ServletException, IOException {

    RequestDispatcher dis = req.getRequestDispatcher("login");
    dis.forward(req, res);

}//end of doGet method

}//end class

login.jsp

    <%@ page import="com.myapp.app.AuthUtilities" %>

<!doctype html>
<html>

<head>
    <title>Login</title>
</head>

<body>

    <form action="authenticate" method="POST">
        <label for="username">Username</label>
        <input type="text" name="username"><br>
        <label for="password">Password</label>
        <input type="password" name="password"><br>

        <% if(request.getAttribute("url") != null) { %>
            <input type="hidden" value="<%= request.getAttribute("url") %>" name="url"><br>
        <% } %>

        <input type="submit" value="login">
    </form>
        <p>Not a member? <a href="signup">Sign Up Now</a></p>
</body>

</html>

isLoggedIn() method

public static String isLoggedIn(HttpSession session, HttpServletRequest req) {
        String userName = (String)session.getAttribute("username");
            if(userName != null)
                userName = "You are logged in as <a href='profile'>"+
                    userName + "</a> | " +
                    "<a href='logout'>Logout :(</a>";
            else
                userName = "<a href=\"authenticate?url="+req.getServletPath()+"\">Login</a>";

            return userName;
    }
Andy
  • 10,553
  • 21
  • 75
  • 125

2 Answers2

2

First of all you have not explained the question clearly. From Auth Servlet what I have got is

http://localhost:8080/app/login

but it says

http://localhost:8080/app/authenticate?url=/index.jsp

You are redirecting to your desired page on success (valid creds) and redirecting to "login.jsp" if invalid using redirect in doPost().

What I have tried thus far is anytime a page will direct a user to login, I append the URL but send it to my Authenticate.java servlet. There it calls the doGet() which redirects to login and thus is accessible to my login.jsp from the request variable. Problem is the URL isn't even pointing to login.jsp but to my authenticate servlet and the appended url.

In doGet() , you are not redirecting to login page but forwarding the page. (See Difference between Jsp forward and redirect).

So, With your case, browser URL will not be updated and also you can access attribute in the request object. So, store value in HttpSession and use response.sendRedirect in doGet().

Another way to use request.getHeader("Referer") from request header to get JSP page but it is not advised since sending Referer can be blocked by firewalls or browser configuration.

Community
  • 1
  • 1
Hardik Mishra
  • 14,779
  • 9
  • 61
  • 96
0

Instead of just redirecting to login , you can pass an additional parameter say 'refererurl' which will tell you what url you need to redirect if the login is successful.

  @Override
    public void doPost(HttpServletRequest req, 
        HttpServletResponse res) throws ServletException, IOException {

        String urlToRedirectAfterLogin = req.getParameter('refererurl');

        String servletPath = (req.getAttribute("url") != null) ?
            ((String)req.getAttribute("url")).replaceFirst("/", "") : "home";

        if(AuthUtilities.authenticate(userName, password)) {
            res.sendRedirect(urlToRedirectAfterLogin);
        }
        else{
            String fullURL = request.getRequestURL().append("?")
.append(request.getQueryString()).toString();
        res.sendRedirect("login"+"?refererurl="+fullURL);

            }

    }//
Sudhakar
  • 4,823
  • 2
  • 35
  • 42