0

I am in deploying a Spring Boot web application.

just like whatsapp... phone scan the qr code and web app start

At the login page I put a Qr code for doing login stuff

there is an android app Pre-authenticated . this app uses for scan qr code and sending username ID and content of Qr code to the server

server After Authentication wants to login the user automatically by redirect the first page to dashboard page

but the page is HTTP and I don't know how can I redirect that page without request. I know if login page is web socket I can redirect page but the page is HTTP. can somebody help me?

I just using webSocket and after redirect login page to dashboard page every time I want. because connection is alive.

Meis
  • 13
  • 7
  • What are you redirecting? The page is either a form submit with a URL in a `
    ` attribute, or some JavaScript code that specify a URL when connecting to the server. Sure, most times those URLs are relative, but they can be absolute `https://domain/foo/bar`, so the page will connect directly using HTTPS. No redirecting needed.
     – Andreas Sep 06 '20 at 16:34
  • for example john want to login with qr code.after Authentication I want to send a token for his browser to be login....how can I do this to redirect his page to dashboard page – Meis Sep 06 '20 at 16:43
  • *"after Authentication I want to send a token for his browser"* So you're talking about code on the server, that has just processed the Authentication using credential values sent from the browser, *right?* Those values sent using HTTPS, ***right?*** I mean, the credentials for the Authentication darn well should have been sent encrypted by HTTPS. So if the data was already sent using HTTPS, what's all this talk about HTTP and redirect to HTTPS in the question? I now have absolute no idea what the question is about! – Andreas Sep 06 '20 at 16:47
  • there is an android application for scan qr code and sending username ID and content of Qr code to the server server After Authentication want to login the user automatically by redirect the first page to dashboard page – Meis Sep 06 '20 at 16:52
  • You need to **edit** the question and clarify it with what you've told in comments. Especially, you need to somehow say which *specific* part of what you're describing that you have trouble with. Processing the content from the QR code? Doing the authentication? Sending a token to the browser? Redirecting the browser to another page? – Andreas Sep 06 '20 at 16:57
  • If the QR code is sent by an Android *application*, where did the web browser suddenly get involved? Please explain in the question. – Andreas Sep 06 '20 at 16:58
  • you right.I edited the question ..I don't know how Sending a token to the browser and Redirecting the browser to another page – Meis Sep 06 '20 at 17:01
  • We don't either, because we have no idea what the Android QR scanner application does. – Andreas Sep 06 '20 at 17:03
  • just like whats app... phone scan the qr code and web app start – Meis Sep 06 '20 at 17:05
  • And we knew that how? Oh, we didn't, because you never said. – Andreas Sep 06 '20 at 17:07
  • you right Andreas...I am sorry for bad question – Meis Sep 06 '20 at 17:09
  • How can a QR code be the username for authenticating? Which is then sent in clear text to the server? Talk about **unsecure!** If I understood that right, then you need to entire re-think what you're doing. If I didn't understand that right, please clarify in the question what *"there is an android application for scan qr code and sending username ID and content of Qr code to the server"* and how the android application can be sending username ID to the server. – Andreas Sep 06 '20 at 17:09
  • the android app is Pre-authenticated – Meis Sep 06 '20 at 17:11
  • Which we knew how? --- And if it is Pre-authenticated, then what does "After Authentication" means, since you're then not doing any authentication? – Andreas Sep 06 '20 at 17:13
  • just want login with Qr code – Meis Sep 06 '20 at 17:16
  • To log in, you provide *credentials*, commonly user and password, but can be anything. Called e.g. "login with username" or "login with email address". *"login with Qr code"* then means that the QR code *is* the credentials? That's **not secure!** – Andreas Sep 06 '20 at 17:17
  • there is some token and stuff for secure..can you help me for my problem?please – Meis Sep 06 '20 at 17:20
  • Sorry, I guess I cannot help, since I still have no idea what you're trying to do, because I simply cannot **fathom** using a *QR Code* as *Credentials* in a login, so I'm obviously misunderstanding what you're saying. – Andreas Sep 06 '20 at 17:22
  • see this post ..its explain using web socket.then you ca find what is my problem...https://stackoverflow.com/questions/37350286/mechanism-behind-qr-code-scanning-of-whatsapp-webapp – Meis Sep 06 '20 at 17:25

0 Answers0