servlet/jsp question: tomcat 4 and login (about session, forward and get/set attribute)

Discussion in 'Java' started by Mladen Adamovic, Nov 15, 2003.

  1. In mysql I have table members(mem_id,mem_password,...).
    I want to make login to my web application (jsp/servlet/html) using
    information from table members.
    1. Is there good prepared login solution which is easily to use with tomcat
    4/ant? (I could change to EE if its neccessery)
    2. I tried to write some login code, but I have problems.
    First, let me explain what I'm trying to do: in Authorize.java i set two
    attributes of its ServletContext then forward using RequestDisplather to the
    Home.jsp, in Home.jsp I read those attributes - and they are null.

    Some code follows:
    //SOME CODE FROM Authorize.JAVA servlet:
    ...
    ServletContext sc=getServletContext();
    sc.setAttribute("mem_id",id);
    sc.setAttribute("mem_passwd",pass);
    System.err.println("In Authorize.JAVA User connected: "+id);
    ...
    RequestDispatcher dispatcher =
    req.getRequestDispatcher("/Home.jsp");
    if (dispatcher != null)
    dispatcher.forward(req, res);
    ...
    //END OF Authorize.java

    //SOME CODE FROM Home.jsp
    String mem_id=(String) session.getAttribute("mem_id");
    String mem_pass=(String) session.getAttribute("mem_passwd");
    if(mem_id==null || mem_pass==null)
    {
    //user is not connected, ask for id and pass
    System.err.print("in Home.jsp user is not connected - ");
    System.err.println("mem_id: "+mem_id+" mem_passwd :"+mem_pass);
    ...
    //END OF Home.jsp

    On the console I got the following :
    In Authorize.JAVA User connected: root
    in Home.jsp user is not connected - mem_id: null mem_passwd :null

    Where I'm wrong?

    Thanks in advance.
     
    Mladen Adamovic, Nov 15, 2003
    #1
    1. Advertising

  2. Re: servlet/jsp question: tomcat 4 and login (about session, forwardand get/set attribute)

    Mladen Adamovic wrote:
    > In mysql I have table members(mem_id,mem_password,...).
    > I want to make login to my web application (jsp/servlet/html) using
    > information from table members.
    > 1. Is there good prepared login solution which is easily to use with tomcat
    > 4/ant? (I could change to EE if its neccessery)
    > 2. I tried to write some login code, but I have problems.
    > First, let me explain what I'm trying to do: in Authorize.java i set two
    > attributes of its ServletContext then forward using RequestDisplather to the
    > Home.jsp, in Home.jsp I read those attributes - and they are null.


    The thing you want is perhaps "JDBCRealm" - basically, its a ready made
    login framework for JSPs, and pretty easy to use. Have a look at
    jakarta.apache.org, they have a goot tutorial for this one.


    > Some code follows:
    > //SOME CODE FROM Authorize.JAVA servlet:
    > ...
    > ServletContext sc=getServletContext();
    > sc.setAttribute("mem_id",id);
    > sc.setAttribute("mem_passwd",pass);
    > System.err.println("In Authorize.JAVA User connected: "+id);
    > ...
    > RequestDispatcher dispatcher =
    > req.getRequestDispatcher("/Home.jsp");
    > if (dispatcher != null)
    > dispatcher.forward(req, res);
    > ...
    > //END OF Authorize.java
    >
    > //SOME CODE FROM Home.jsp
    > String mem_id=(String) session.getAttribute("mem_id");
    > String mem_pass=(String) session.getAttribute("mem_passwd");
    > if(mem_id==null || mem_pass==null)
    > {
    > //user is not connected, ask for id and pass
    > System.err.print("in Home.jsp user is not connected - ");
    > System.err.println("mem_id: "+mem_id+" mem_passwd :"+mem_pass);
    > ...
    > //END OF Home.jsp
    >
    > On the console I got the following :
    > In Authorize.JAVA User connected: root
    > in Home.jsp user is not connected - mem_id: null mem_passwd :null
    >
    > Where I'm wrong?
    >
    > Thanks in advance.


    Quick guess: I am not sure in which context
    ServletContext.setAttribute() puts its entries - perhaps "application"
    scope. You want to obtain the HttpSession from the HttpServletRequest
    and put your attributes into the session scope, should do the trick...

    HTH
    Andreas
     
    Andreas Wollschlaeger, Nov 15, 2003
    #2
    1. Advertising

  3. Mladen Adamovic

    Sudsy Guest

    Andreas Wollschlaeger wrote:

    > Mladen Adamovic wrote:

    <snip>
    > The thing you want is perhaps "JDBCRealm" - basically, its a ready made
    > login framework for JSPs, and pretty easy to use. Have a look at
    > jakarta.apache.org, they have a goot tutorial for this one.



    They might now support DIGEST authentication but the version of Tomcat
    I'm using only supports BASIC, which means user credentials are sent
    "in the clear". Not secure!

    <snip>

    > Quick guess: I am not sure in which context
    > ServletContext.setAttribute() puts its entries - perhaps "application"
    > scope. You want to obtain the HttpSession from the HttpServletRequest
    > and put your attributes into the session scope, should do the trick...
    >
    > HTH
    > Andreas
    >


    Correct...Authorize.java, since it's a servlet, should be invoking
    getSession on the HttpServletRequest parameter and then invoking
    setAttribute on the returned object, i.e.

    public void doPost( HttpServletRequest req, HttpServletResponse
    resp ) {
    ...
    HttpSession sess = req.getSession()
    sess.setAttribute( "mem_id", id );
    sess.setAttribute( "mem_passwd", pass );

    Note that it's orthogonal to the access in the JSP.
     
    Sudsy, Nov 16, 2003
    #3
  4. Now it works. With getSession() instead of getServletContext().
    Thanks to all people who tried(and succed) to help me.

    "Sudsy" <> wrote :
    > > Quick guess: I am not sure in which context
    > > ServletContext.setAttribute() puts its entries - perhaps "application"
    > > scope. You want to obtain the HttpSession from the HttpServletRequest
    > > and put your attributes into the session scope, should do the trick...
    > >
    > > HTH
    > > Andreas
    > >

    >
    > Correct...Authorize.java, since it's a servlet, should be invoking
    > getSession on the HttpServletRequest parameter and then invoking
    > setAttribute on the returned object,
     
    Mladen Adamovic, Nov 16, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. javaguy44
    Replies:
    0
    Views:
    2,694
    javaguy44
    Apr 1, 2004
  2. circuit_breaker
    Replies:
    2
    Views:
    2,061
    Jack Jia
    Apr 4, 2004
  3. marco
    Replies:
    2
    Views:
    540
    marco
    Mar 24, 2006
  4. Replies:
    0
    Views:
    4,471
  5. Replies:
    2
    Views:
    615
    Arne Vajhøj
    Nov 6, 2009
Loading...

Share This Page