Discussions

Web tier: servlets, JSP, Web frameworks: login.jsp for authorization ???

  1. login.jsp for authorization ??? (5 messages)

    Hi, I am trying to have a jsp file called login.jsp, for example when the user go to some links that demand authrization( like getting in insert.jsp or delete.jsp), I want to include the login.jsp in all those files, for example if a user click in the link that said Delete (delete.jsp) the first thing happened is that the included file login.jsp has to save the name of the file that it was sent from (delete.jsp in this example), and then the user enter his/her username and password, if the user is authorized to do that task , he/she will be redirected to the file it was sent from (delete.jsp), and now we are not going to execute the line that include the login.jsp file.
    Please if this was done using jsp or jsp and beans, I will be happy to hear from you.
    Thanks, your help will be appreciated.

    Threaded Messages (5)

  2. Hi Majid,

    I have implemented something similar to what you are asking. I have used servlet,jsp and java bean with the MVC architecture. The servlet acts as a controller which checks for login and sends the url info as a hidden field in the login form which after submitting goes back to the servlet. The servlet then checks the login info and forwards the request to the requested page by getting the url from the form's hidden field.

    Srinivas.J
  3. Hi Srinivas,
    please can I take a look to your code, I am new to this, and your help will be appreciated.
    my emai : yna54 at hotmail dot com
    Thanks
  4. login.jsp for authorization ???[ Go to top ]

    The above suggestion sounds great.
    If you are only using JSPs, and not a separate Servlet,
    why not consider this:

    Let's say you have hello.jsp, your first page.
    It has a link to delete.jsp, which deletes some user data... and you want to be sure the user has logged in first.

    1) In hello.jsp, change the link to delete.jsp to include a "nextpage" parameter.
    2) In delete.jsp, include check_login.jsp, which makes sure you are logged in. If you aren't, it redirects you to a login page, passing on the nextpage parameter (If you ARE logged in, the include does nothing... you merely see the including page).

    3) On your login page, get the nextpage parameter and go there after logging in.

    Or you could stick "nextpage" in the session and not worry about params... but this will get messed up with hyperactive users with four or five open windows (many of which are minimized) if you've used the same session value on several pages.

  5. login.jsp for authorization ???[ Go to top ]

    Thanks this is what I am doing now, but I am still interested to know how it was done using servlet, I like the idea of Mr Srinivas.
    Please if there is any code using servlet and jsp to do that, thanks
  6. login.jsp for authorization ???[ Go to top ]

    I'm interesting too