How to show the user name with form based authentication after anunsuccessful login?

A

Andrea Desole

I'm trying to use form based authentication in my web application. I
created my login form, with a post method and action "j_security_check".
In the form I put a text field with name "j_username" and a password
field with name "j_password". The login seems to work fine.
What I find strange is that there is not a way, if the login fails, to
show the user name when the login form is reloaded, as it would usually
happen in a normal login.
I couldn't find anything in the servlet specification, and my concern is
that it's actually not possible, which surprises me. Does anyone know
anything about it?
 
L

Larry

Sounds like you may want to store j_username in session scope
(session.setAttribute() ), rather than request scope, since you are
wanting to see the values when the form is reloaded. Or you can just
do a request.setAttribute() in your action when the loginin fails so it
will be available in the next request.
 
A

Andrea Desole

Larry said:
Sounds like you may want to store j_username in session scope
(session.setAttribute() ), rather than request scope, since you are
wanting to see the values when the form is reloaded. Or you can just
do a request.setAttribute() in your action when the loginin fails so it
will be available in the next request.
I would like to do that, but I can't. The entire process is handled by
the server. To log the use in I don't use my code
 
J

John C. Bollinger

Andrea said:
I would like to do that, but I can't. The entire process is handled by
the server. To log the use in I don't use my code

It seems like a lot of bother, but you could probably set up a servlet
filter that captured the provided j_username and stashed it in the
session. If the login form is provided via JSP then it could easily
retrieve the value from the session and use it to set the initial value
of the username field when the form is displayed again.

I'd have to study the docs to decide, but it might work to stash the
data in the request rather than in the session; this would be better if
it works.

Overall, the form login system seems to provide relatively little
information back to the web application. To me, this is one of its more
egregious weaknesses.
 
A

Andrea Desole

John said:
It seems like a lot of bother, but you could probably set up a servlet
filter that captured the provided j_username and stashed it in the
session. If the login form is provided via JSP then it could easily
retrieve the value from the session and use it to set the initial value
of the username field when the form is displayed again.

I'd have to study the docs to decide, but it might work to stash the
data in the request rather than in the session; this would be better if
it works.

I have the feeling that filters are not called with form based login,
since it is completely handled by the server, and it does seem like a
lot of bother, but I'll think about giving it a try. If I want to do it
this is so far the only possible solution I have. Thanks
Overall, the form login system seems to provide relatively little
information back to the web application. To me, this is one of its more
egregious weaknesses.

I agree. Actually it looks like it hasn't been designed to be very
powerful. But unfortunately this is a requirement I have
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top