John Tangney wrote:
> On 4/12/00 7:13 PM, Vyacheslav Pedak at [EMAIL PROTECTED] wrote:
> > See Java Servlet API specification 2.2, you can download it from
> > http://java.sun.com/products/servlet/2.2/
>
> Thanks, but I *also* scoured the spec. What parts of the spec answer my
> question?
I don't know what the previous poster does, but you are correct that
there is no direct support for authentication in the Servlet spec.
What we do in our Model 1 apps (the simplest case) is rely on FORM-based
authentication, tracking a successful authentication via methods in a
bean that we store in the user's session. Our "normal" pages have
something like:
<jsp:useBean id="userbean" scope="session" class="com.blah.UserBean" />
<% if( !userbean.isAuthenticated() ) {
response.sendRedirect("login.jsp");
}
%>
<HTML>
. . .
The isAuthenticated method of UserBean checks a boolean as to whether
the user successfully logged in or not. If this flag is not set, we
redirect the user to the login page. The login page looks something
like:
<HTML>
<% session.invalidate(); /* nuke any prior session information */ %>
<BODY>
<FORM ACTION="login2.jsp" METHOD="POST">
Username: <INPUT TYPE="TEXT" NAME="user" SIZE="18" MAXLENGTH="18">
<BR>
Password: <INPUT TYPE="PASSWORD" NAME="password" SIZE="18"
MAXLENGTH="18">
<BR>
<INPUT TYPE="SUBMIT">
</FORM>
</BODY>
</HTML>
When the user presses Submit, they are sent on to login2.jsp, which
performs the authentication check and, if successful, forwards on to the
main content page --
<@ page contentType="text/plain" buffer="16kb"
errorPage="loginError.jsp" %>
<jsp:useBean id="userbean" scope="session" class="com.blah.UserBean" />
<jsp:setProperty name="userbean" property="*" />
<% // The above setProperty should have called setUser(...) and
setPassword(...)
// which will allow us to attempt authentication. If we fail
authentication,
// the bean will throw an exception, which will bounce us over to
// the indicated errorPage above.
// If successful, this method will set the authenticated flag to
true.
// If not, it will set authenticated to false and throw an
exception.
userbean.authenticate();
// If we get this far, we must have succeeded. Let the user in to
our app.
// Note that we use encodeURL here to handle cookie-less sessions.
response.sendRedirect(response.encodeURL("app_page1.jsp"));
%>
The app_page1.jsp would include the check shown at the top of this
email. loginError.jsp would display the error message from the
"exception" implicit object and then give the user a link to bounce back
to login.jsp.
There are more efficient ways of implementing the above, particularly
ways that use jsp:forward rather than browser redirects. I think the
above is the most straightforward to get folks started, though.
> >> And, more generally, what parts of
> >> the servlet API are accessible to my code when I'm using JSP?
> >>
> >
> > All API
> How?
First, you have access to the implicit objects defined in the JSP spec
(there is a cheat-sheet for download at http://java.sun.com/products/jsp
that lists these):
request javax.servlet.http.HttpServletRequest
response javax.servlet.http.HttpServletResponse
pageContext javax.servlet.jsp.PageContext
session javax.servlet.http.HttpSession
application javax.servlet.ServletContext
out javax.servlet.jsp.JspWriter
config javax.servlet.ServletConfig
exception java.lang.Throwable
Second, you can access ANY Java class inside a scriptlet:
<% com.blah.MyUtilityClass utils = new com.blah.MyUtilityClass();
utils.doSomething(request,response);
%>
as long as the class is accessible along your Servlet Engine's classpath
(configuring your servlet engine's classpath is vendor-specific --
consult your vendor documentation or visit one of the product-specific
support pages or email lists).
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
