Session Management using JSP

Discussion in 'Java' started by KK, Jul 18, 2008.

  1. KK

    KK Guest

    Hello Everyone,


    I have developed on small site...now i can able to login but i have
    not maintain session to user logout. Please give small example JSP
    with login screen & checking in all form to authorise user & logout
    properly.

    Hope you will help me


    Thanking You in anticipation


    Regards,

    Kartikeya
     
    KK, Jul 18, 2008
    #1
    1. Advertising

  2. KK

    Dave Miller Guest

    KK wrote:
    > Hello Everyone,
    >
    >
    > I have developed on small site...now i can able to login but i have
    > not maintain session to user logout. Please give small example JSP
    > with login screen & checking in all form to authorise user & logout
    > properly.
    >
    > Hope you will help me
    >
    >
    > Thanking You in anticipation
    >
    >
    > Regards,
    >
    > Kartikeya


    Set a cookie on login; read it for each authorization; destroy or null
    its value for logout. If you want to give users the option to "remember
    me on this computer", make your cookie(s) persistent.


    --
    Dave Miller
    Java Web Hosting at:
    http://www.cheap-jsp-hosting.com/
     
    Dave Miller, Jul 18, 2008
    #2
    1. Advertising

  3. KK

    KK Guest

    Thanks for replying, but can you plz give me any example of this? i
    dont knw how to make cookies also.

    Thanking you


    Kartikeya
     
    KK, Jul 18, 2008
    #3
  4. KK

    KK Guest

    On Jul 18, 9:18 pm, KK <> wrote:
    > Thanks for replying, but can you plz give me any example of this? i
    > dont knw how to make cookies also.
    >
    > Thanking you
    >
    > Kartikeya
     
    KK, Jul 18, 2008
    #4
  5. KK

    Arne Vajhøj Guest

    KK wrote:
    > I have developed on small site...now i can able to login but i have
    > not maintain session to user logout. Please give small example JSP
    > with login screen & checking in all form to authorise user & logout
    > properly.


    The easiest is to use container managed security. You protect your
    pages in web.xml, provide a login form and let the container
    do all the work.

    Arne
     
    Arne Vajhøj, Jul 18, 2008
    #5
  6. KK

    Arne Vajhøj Guest

    Arne Vajhøj wrote:
    > KK wrote:
    >> I have developed on small site...now i can able to login but i have
    >> not maintain session to user logout. Please give small example JSP
    >> with login screen & checking in all form to authorise user & logout
    >> properly.

    >
    > The easiest is to use container managed security. You protect your
    > pages in web.xml, provide a login form and let the container
    > do all the work.


    And before you ask for an example:

    http://courses.coreservlets.com/Course-Materials/pdf/msajsp/03-Security-Declarative.pdf

    Arne
     
    Arne Vajhøj, Jul 18, 2008
    #6
  7. KK

    Dave Miller Guest

    Arne Vajhøj wrote:
    > KK wrote:
    >> I have developed on small site...now i can able to login but i have
    >> not maintain session to user logout. Please give small example JSP
    >> with login screen & checking in all form to authorise user & logout
    >> properly.

    >
    > The easiest is to use container managed security. You protect your
    > pages in web.xml, provide a login form and let the container
    > do all the work.
    >
    > Arne

    The right way to do it may be via the container but if you have to learn
    the tech before you use it, I'm not so sure on the easier part.

    --
    Dave Miller
    Java Web Hosting at:
    http://www.cheap-jsp-hosting.com/
     
    Dave Miller, Jul 19, 2008
    #7
  8. KK

    Arne Vajhøj Guest

    Dave Miller wrote:
    > Arne Vajhøj wrote:
    >> KK wrote:
    >>> I have developed on small site...now i can able to login but i have
    >>> not maintain session to user logout. Please give small example JSP
    >>> with login screen & checking in all form to authorise user & logout
    >>> properly.

    >>
    >> The easiest is to use container managed security. You protect your
    >> pages in web.xml, provide a login form and let the container
    >> do all the work.

    > The right way to do it may be via the container but if you have to learn
    > the tech before you use it, I'm not so sure on the easier part.


    It is much easier than writing all the code yourself.

    Arne
     
    Arne Vajhøj, Jul 19, 2008
    #8
  9. KK

    Dave Miller Guest

    KK wrote:
    > Thanks for replying, but can you plz give me any example of this? i
    > dont knw how to make cookies also.
    >
    > Thanking you
    >
    >
    > Kartikeya


    If you don't already have the rest of your login / security system
    built, take arne's suggestion. If all you need to do is gain persistance
    the API in javax.servlet.http.Cookie is pretty self explanatory. To
    give you a jump start:

    To set a cookie:

    Cookie cookie = new Cookie(java.lang.String name, java.lang.String value);
    // do stuff with cookie
    response.addCookie(cookie);

    To check for it coming back:

    try{
    if (request.getCookies() != null){
    Cookie[] allCookies = request.getCookies();
    for (int i=0; i<allCookies.length; i++) {
    Cookie cookie = allCookies;
    //get info from cookie

    }catch ...
    --
    Dave Miller
    Java Web Hosting at:
    http://www.cheap-jsp-hosting.com/
     
    Dave Miller, Jul 19, 2008
    #9
  10. KK

    KK Guest

    thanks for help..

    actually i tried the container based security, both form and basic. In
    form based security am having a small problem. As guided by the
    example, i edited my web.xml and tomcat-users.xml file. but while
    using FORM authentication it started restricting my whole web
    application. i even checked the roles and users mentioned the both of
    the xml files but still the problem persists.

    onething i want to ask more is, when we create a login form in this,
    we define the form action as "j_security_check" and similarly the
    username and password, then how i will match the username and password
    of the registered users which are present in the database? The
    username and password of the registered users are stored in the
    database as soon as they register.

    am sorry i am troubling you a lot but am totally confused, plz help
    me.

    Thanking you,

    Kartikeya
     
    KK, Jul 19, 2008
    #10
  11. KK

    Arne Vajhøj Guest

    KK wrote:
    > actually i tried the container based security, both form and basic. In
    > form based security am having a small problem. As guided by the
    > example, i edited my web.xml and tomcat-users.xml file. but while
    > using FORM authentication it started restricting my whole web
    > application. i even checked the roles and users mentioned the both of
    > the xml files but still the problem persists.


    You specify in web.xml what to protect.

    > onething i want to ask more is, when we create a login form in this,
    > we define the form action as "j_security_check" and similarly the
    > username and password, then how i will match the username and password
    > of the registered users which are present in the database? The
    > username and password of the registered users are stored in the
    > database as soon as they register.


    You do not check. The nice container checks for you.

    Arne
     
    Arne Vajhøj, Jul 19, 2008
    #11
  12. KK

    Dave Miller Guest

    KK wrote:

    >
    > onething i want to ask more is, when we create a login form in this,
    > we define the form action as "j_security_check" and similarly the
    > username and password, then how i will match the username and password
    > of the registered users which are present in the database? The
    > username and password of the registered users are stored in the
    > database as soon as they register.
    >

    I'm now clear that you weren't asking how to extend an existing security
    scheme, you were asking how to create one. This puts us back to "use
    arne's suggestion".

    --
    Dave Miller
    Java Web Hosting at:
    http://www.cheap-jsp-hosting.com/
     
    Dave Miller, Jul 19, 2008
    #12
  13. KK

    KK Guest

    i am using 'arne's suggestion' but finding a problem which i mentioned
    above. The FORM authentication is restricting the whole web
    application and i am not even able to start the session from the
    Apache Manager section.

    any idea what is restricting the whole web application? i followed the
    example and did whatever was mentioned there.
     
    KK, Jul 19, 2008
    #13
  14. KK

    Arne Vajhøj Guest

    KK wrote:
    > i am using 'arne's suggestion' but finding a problem which i mentioned
    > above. The FORM authentication is restricting the whole web
    > application and i am not even able to start the session from the
    > Apache Manager section.
    >
    > any idea what is restricting the whole web application? i followed the
    > example and did whatever was mentioned there.


    If you have a die structure like:

    yourapp
    open
    *.jsp
    secure
    *.jsp
    WEB-INF
    classes
    lib
    web.xml

    and in web.xml has:

    <security-constraint>
    <web-resource-collection>
    <web-resource-name>logintest secure part</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>administrator</role-name>
    </auth-constraint>
    </security-constraint>

    then only the secure dir is secured.

    Arne
     
    Arne Vajhøj, Jul 20, 2008
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Floris van Haaster

    Project management / bug management

    Floris van Haaster, Sep 23, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    1,250
    Jon Paal
    Sep 23, 2005
  2. pouet
    Replies:
    2
    Views:
    781
    Will Hartung
    Jul 30, 2004
  3. dina
    Replies:
    1
    Views:
    810
    alexnb
    Sep 9, 2005
  4. Replies:
    0
    Views:
    4,440
  5. sridhar kumar ch
    Replies:
    1
    Views:
    8,634
Loading...

Share This Page