servlet/jsp question: tomcat 4 and login (about session, forward and get/set attribute)

M

Mladen Adamovic

In mysql I have table members(mem_id,mem_password,...).
I want to make login to my web application (jsp/servlet/html) using
information from table members.
1. Is there good prepared login solution which is easily to use with tomcat
4/ant? (I could change to EE if its neccessery)
2. I tried to write some login code, but I have problems.
First, let me explain what I'm trying to do: in Authorize.java i set two
attributes of its ServletContext then forward using RequestDisplather to the
Home.jsp, in Home.jsp I read those attributes - and they are null.

Some code follows:
//SOME CODE FROM Authorize.JAVA servlet:
...
ServletContext sc=getServletContext();
sc.setAttribute("mem_id",id);
sc.setAttribute("mem_passwd",pass);
System.err.println("In Authorize.JAVA User connected: "+id);
...
RequestDispatcher dispatcher =
req.getRequestDispatcher("/Home.jsp");
if (dispatcher != null)
dispatcher.forward(req, res);
...
//END OF Authorize.java

//SOME CODE FROM Home.jsp
String mem_id=(String) session.getAttribute("mem_id");
String mem_pass=(String) session.getAttribute("mem_passwd");
if(mem_id==null || mem_pass==null)
{
//user is not connected, ask for id and pass
System.err.print("in Home.jsp user is not connected - ");
System.err.println("mem_id: "+mem_id+" mem_passwd :"+mem_pass);
...
//END OF Home.jsp

On the console I got the following :
In Authorize.JAVA User connected: root
in Home.jsp user is not connected - mem_id: null mem_passwd :null

Where I'm wrong?

Thanks in advance.
 
A

Andreas Wollschlaeger

Mladen said:
In mysql I have table members(mem_id,mem_password,...).
I want to make login to my web application (jsp/servlet/html) using
information from table members.
1. Is there good prepared login solution which is easily to use with tomcat
4/ant? (I could change to EE if its neccessery)
2. I tried to write some login code, but I have problems.
First, let me explain what I'm trying to do: in Authorize.java i set two
attributes of its ServletContext then forward using RequestDisplather to the
Home.jsp, in Home.jsp I read those attributes - and they are null.
Click to expand...

The thing you want is perhaps "JDBCRealm" - basically, its a ready made
login framework for JSPs, and pretty easy to use. Have a look at
jakarta.apache.org, they have a goot tutorial for this one.

Some code follows:
//SOME CODE FROM Authorize.JAVA servlet:
...
ServletContext sc=getServletContext();
sc.setAttribute("mem_id",id);
sc.setAttribute("mem_passwd",pass);
System.err.println("In Authorize.JAVA User connected: "+id);
...
RequestDispatcher dispatcher =
req.getRequestDispatcher("/Home.jsp");
if (dispatcher != null)
dispatcher.forward(req, res);
...
//END OF Authorize.java

//SOME CODE FROM Home.jsp
String mem_id=(String) session.getAttribute("mem_id");
String mem_pass=(String) session.getAttribute("mem_passwd");
if(mem_id==null || mem_pass==null)
{
//user is not connected, ask for id and pass
System.err.print("in Home.jsp user is not connected - ");
System.err.println("mem_id: "+mem_id+" mem_passwd :"+mem_pass);
...
//END OF Home.jsp

On the console I got the following :
In Authorize.JAVA User connected: root
in Home.jsp user is not connected - mem_id: null mem_passwd :null

Where I'm wrong?

Thanks in advance.
Click to expand...

Quick guess: I am not sure in which context
ServletContext.setAttribute() puts its entries - perhaps "application"
scope. You want to obtain the HttpSession from the HttpServletRequest
and put your attributes into the session scope, should do the trick...

HTH
Andreas
 
S

Sudsy

Andreas said:
Mladen Adamovic wrote:
Click to expand...
The thing you want is perhaps "JDBCRealm" - basically, its a ready made
login framework for JSPs, and pretty easy to use. Have a look at
jakarta.apache.org, they have a goot tutorial for this one.
Click to expand...


They might now support DIGEST authentication but the version of Tomcat
I'm using only supports BASIC, which means user credentials are sent
"in the clear". Not secure!

Quick guess: I am not sure in which context
ServletContext.setAttribute() puts its entries - perhaps "application"
scope. You want to obtain the HttpSession from the HttpServletRequest
and put your attributes into the session scope, should do the trick...

HTH
Andreas
Click to expand...

Correct...Authorize.java, since it's a servlet, should be invoking
getSession on the HttpServletRequest parameter and then invoking
setAttribute on the returned object, i.e.

public void doPost( HttpServletRequest req, HttpServletResponse
resp ) {
...
HttpSession sess = req.getSession()
sess.setAttribute( "mem_id", id );
sess.setAttribute( "mem_passwd", pass );

Note that it's orthogonal to the access in the JSP.
 
M

Mladen Adamovic

Now it works. With getSession() instead of getServletContext().
Thanks to all people who tried(and succed) to help me.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
cactus and servlet redirection 0
Using redirect instead of forward 0
tomcat(catalina) error 1
JSP include and servlet 1
jsp forward 3
Using redirect instead of forward 2
Tomcat servlet problem with session attribute 2

Members online

No members online now.
Total: 32 (members: 1, guests: 31)
Robots: 493

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top