How can I use JSP to make sure a user has logged in before I handle the request?
Created May 4, 2012
Kumar Allamraju On every page that needs to be authenticated, check for a user ID in the session
object - if it does not exit, redirect the user to a login page, passing the url the user
was trying to access as a parameter.
On the login page, if the user successfully logs in, create a session for him/her, and add their user ID to the session. After this, redirect back to the original page they had tried to access. This way, even if the user bookmarks a page, he/she will be asked to login once the session has become invalid.
Some code: On every page add the following:
HttpSession session = request.getSession(true); if (session.getValue("EID") == null) { response.sendRedirect (response.encodeRedirectUrl ("Login.jsp?Origin=janesonline.jsp")); } else { // the rest of the page ... }
In Login.jsp once the user has provided the correct logon credentials:
session.putValue("EID", EID); response.sendRedirect(response.encodeRedirectUrl(request.getParameter("Origin"))); ...