Guilherme Birckan wrote:
> Hi there Craig! So, do you have any advice about how could I make this?
> What I am trying to do is to validate the user, which can only display the
> HTML after being authorized by creating the session, understand?
> He passes by a Login page, and if his password is ok, the session is
> created by the getSession(true) method.
> If the user try to view the page by directly typing the URL in the
> browser, that servlet tests whether the session has been created or not,
> and if it's not, it should redirect to an Error page or something like
> that, got my problem?
> The bad thing is that i want to finish this work quickly, i really can't
> loose much time remaking everything...
> Thanks...
>
Yes, I'm familiar with the problem. I deal with a similar situation in JSP-based
applications by including a little login check scriptlet at the top of each JSP page
-- something like this:
<% if (session.getValue("loginBean") == null) { %>
<jsp:forward page="login.jsp" /> <%-- The name of my login form page --%>
<% } %>
In my case, I'm checking for the existence of a particular object stored in the
session, instead of the session itself, because JSP creates a new one for you
automatically -- effectively, it calls getSession(true) in the generated code. But
it's the same basic issue.
As I suggested in the previous response, the only quick-and-dirty solution I can think
of is to modify JSSI servlet itself (fortunately for you, you selected an open source
package so you have this option :-). The idea would be to take the
login-check-redirect logic that you wrote in your called servlet, and put it at the
beginning of the doGet() method of the JSSI servlet itself. You could modify the
actual JSSI servlet, or create a customized version and change the mapping you have
set for the ".jhtml" extension to go to your customized version instead. If you do
this, then your login check will be enforced on any *.jhtml page.
Failing that, it's probably redesign time :-(.
Craig
>
> On Mon, 20 Sep 1999, Craig R. McClanahan wrote:
>
> > Guilherme Birckan wrote:
> >
> > > Thanks, but the problem isn't that simple, it really doesn't work
> > > as I want it to. Have you guys ever tried to do something like this? I
> > > forgot to mention, I'm using Apache 1.3.9, Apache JServ 1.0, Apache JSSI
> > > 1.1.2 and the jsdk.jar file from the JSDK2.0, 'cause the docs of the JServ
> > > or the JSSI (I don't remember which one) mentioned I couldn't use the
> > > JSDK2.1 ... I really need this as fast as anyone can tell me what to do,
> > > thank you so much for any help...
> > > Best regards,
> > >
> >
> > I'm afraid you are not going to be able to issue a redirect from inside the
> > servlet called by a SERVLET tag. The reason for this is that the HTTP headers
> > for the response have already been created (by the JSSI servlet that is
> > processing the page), so any change you make to the headers from inside the
> > called servlet will have no effect. You will have to use some other mechanism to
> > control redirction when it is needed, or else create a customized version of the
> > JSSI servlet, based on the existing source, that does your session existence
> > check as the very first thing in its doGet() method.
> >
> > I doubt it will make you feel any better, but the same restriction applies to
> > servlets or JSP pages that are included with RequestDispatcher.include() or
> > <jsp:include> in the current specifications.
> >
> >
> > > Guilherme Birckan
> > >
> >
> > Craig McClanahan
> >
> >
> > >
> > > On Mon, 20 Sep 1999, jon * wrote:
> > >
> > > > > I am executing a .jhtml page which has a reference <SERVLET ...>
> > > > > to a servlet. In the doGet() method of that servlet, I test if the
> > > > > HttpSession is null, and, if it is, I redirect the user by using the
> > > > > response.sendRedirect() method. The problem is that the page is NOT being
> > > > > redirected, instead of that, the rest of the HTML page is being show, what
> > > > > i didn't want to happen. What can I do?
> > > >
> > > > After the sendRedirect(), put a return;
> > > >
> > > > -jon
> > > >
> > > > ___________________________________________________________________________
> > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > > > of the message "signoff SERVLET-INTEREST".
> > > >
> > > > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > > > Resources: http://java.sun.com/products/servlet/external-resources.html
> > > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> > > >
> > >
> > > ___________________________________________________________________________
> > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > > of the message "signoff SERVLET-INTEREST".
> > >
> > > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > > Resources: http://java.sun.com/products/servlet/external-resources.html
> > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> >
> > ___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> >
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
