dcsimg
Passing session variables from jsp to servlet filter.
2 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Anonymous
Posted On:   Wednesday, September 7, 2011 08:35 PM

Hi all I just wrote my first servlet filter and am already ahving problems. What I wanted to do was to make the filter handle authentication so that if a protected page was being requested, the filter would cut in and redirect to a login page. If the login succeeded, the filter would then redirect the user to the original page requested. To give an example, one of the pages in question is a blog page. When a user clicks on "Leave a comment", he is redirected by the filter to a login page if he hasn't logged in already. Up until here, the filter does it's job. Then the user logs in and the username/password is checked. If they're ok, a session variable is set in the jsp and the page redirected to the comments page    More>>

Hi all


I just wrote my first servlet filter and am already ahving problems. What I wanted to do was to make the filter handle authentication so that if a protected page was being requested, the filter would cut in and redirect to a login page. If the login succeeded, the filter would then redirect the user to the original page requested.


To give an example, one of the pages in question is a blog page. When a user clicks on "Leave a comment", he is redirected by the filter to a login page if he hasn't logged in already. Up until here, the filter does it's job. Then the user logs in and the username/password is checked. If they're ok, a session variable is set in the jsp and the page redirected to the comments page again. That request goes through the filter where I check the session variable. But no matter what, the session I get from the request seems to be a new one with no attributes set. I've tried calling request.getSession(false) and that seems to always return null. So not giving me the same session back that my jsp pages share.


I'm using tomcat 7.0.2. I don't know if this is tomcat specific or that there is just some very obvious thing that I'm missing.


Hope you cna help me.


Gisli

   <<Less

Re: Passing session variables from jsp to servlet filter.

Posted By:   tim_fox  
Posted On:   Tuesday, November 8, 2011 12:48 PM

Gisli,


You should probably look up "Realms" in the Tomcat documentation. Using Realms, you can let Tomcat handle authentication and management of session cookies, timeouts, etc. You basically set up a Realm which is identified by the URL of the pages you want to protect. For example, you can have certain pages in a directory called "private" so your URL looks like "server.com/myapp/private/abc.jsp" When you define your Realm, you say that it includes "/private" and anything under that directory will require a login. You will have the option to use a file or a database to store your authentication parameters.


This is essentially how tools like SiteMinder work, but they require you to install an agent on your web server. Since you are using Tomcat as your web server, the Realm capability is built in. The docs will tell you how to use a database like SQL*Server or Oracle to store your user information. This is much better than adding code to each page because if someone forgets to add the code, your page may be available to people you don't want seeing it.


Good Luck,


TGF

Re: Passing session variables from jsp to servlet filter.

Posted By:   Anonymous  
Posted On:   Friday, September 9, 2011 02:20 AM

Java
About | Sitemap | Contact