In a Model 2 environment, with a ControllerServlet calling corresponding
Action classes based on the particular request, where should the
authentication functionality go: in the ControllerServlet or in each Action
class?

It seems that it makes sense to put it in just a single location, in the
ControllerServlet. This way, the code is used in only one place, and no
Action class can be added without authentication.

But then, if authentication isn't needed for every page, then perhaps it
needs to go in the Action classes? Yet it seems terribly redundant to
repeat the functionality in every Action class.

-----Original Message-----
From: Sudhir [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 18, 2000 4:08 PM
To: [EMAIL PROTECTED]
Subject: Re: User Authentication
Here follows one of the techniques found in the FAQ. This one looks like a
good one.
******************
On every page which must be authenticated, I check for a user ID in the
session object - if it doesn't exist, I do a redirect to a login page,
passing the URL the user was trying to access as a parameter.

On the login page, if the user successfully logs in, I create a session
for him/her, and add the user ID to the session. I then redirect back to the
original page the user tried to access. This way, even if the user bookmarks a
page, he/she will be asked to login once the session has become invalid.

Some code:

On every page I add the following:

    HttpSession session = request.getSession(true);
    // No user ID in the session: send the browser to the login page,
    // passing the page it asked for as the Origin parameter.
    if (session.getValue("CustomerID") == null) {
        response.sendRedirect(response.encodeRedirectUrl(
            "Login.jsp?Origin=SharePortfolio.jsp"));
    }
    else {
        // the rest of the page ...
    }

In Login.jsp once the user has provided the correct logon credentials:

    // Store the user ID in the session, then go back to the page named by Origin.
    session.putValue("CustomerID", CustomerID);
    response.sendRedirect(response.encodeRedirectUrl(request.getParameter("Origin")));

******************
This Solution is part of JSP FAQ at
http://www.esperanto.org.nz/jsp/jspfaq.html
(Solution 29)
Hope this helps.
Thanks
Sudhir
[EMAIL PROTECTED]
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
===========================================================================
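
Added example, not from the original posts or the FAQ: one way to keep the check in the ControllerServlet while still allowing actions that need no login, and to validate the Origin parameter before redirecting back to it after login. The class name AuthGate, the action names, /index.jsp and the leading-slash path convention are assumptions; the logic is plain Java so it runs without a servlet container.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

// Decision logic a ControllerServlet could call once, before dispatching to any Action.
public class AuthGate {
    // Assumed (hypothetical) action names that do not need a logged-in user.
    static final Set<String> PUBLIC_ACTIONS = Set.of("login", "home");
    static final String DEFAULT_PAGE = "/index.jsp"; // assumed landing page

    // Deny by default: a newly added Action is protected unless listed as public.
    static boolean requiresLogin(String action) {
        return action == null || !PUBLIC_ACTIONS.contains(action);
    }

    // customerId is what session.getValue("CustomerID") returned (null if absent).
    // Returns the redirect target for the login page, or null to dispatch normally.
    static String loginRedirect(String action, Object customerId, String requestedPath) {
        if (!requiresLogin(action) || customerId != null) return null;
        return "/Login.jsp?Origin=" + URLEncoder.encode(requestedPath, StandardCharsets.UTF_8);
    }

    // Origin comes back from the browser, so treat it as untrusted: accept only
    // a path local to this application, otherwise fall back to DEFAULT_PAGE.
    static String safeOrigin(String origin) {
        if (origin == null || !origin.startsWith("/") || origin.startsWith("//")
                || origin.indexOf('\\') >= 0) return DEFAULT_PAGE;
        for (char c : origin.toCharArray()) {
            if (c < 0x20 || c == 0x7f) return DEFAULT_PAGE; // CR/LF and other controls
        }
        try {
            URI u = new URI(origin); // rejects malformed values such as raw spaces
            return (u.isAbsolute() || u.getRawAuthority() != null) ? DEFAULT_PAGE : origin;
        } catch (URISyntaxException e) {
            return DEFAULT_PAGE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests: action, session user ID, requested path.
        System.out.println(loginRedirect("portfolio", null, "/SharePortfolio.jsp"));
        System.out.println(loginRedirect("home", null, "/index.jsp"));
        // Constructed Origin values as Login.jsp would receive them.
        System.out.println(safeOrigin("/SharePortfolio.jsp"));
        System.out.println(safeOrigin("//other.example/"));
    }
}
```

In a real controller, loginRedirect would run at the top of the request-handling method and safeOrigin in the login handler, just before the redirect back.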