Session Management using JSP

[KK]

Hello Everyone,


I have developed on small site...now i can able to login but i have
not maintain session to user logout. Please give small example JSP
with login screen & checking in all form to authorise user & logout
properly.

Hope you will help me


Thanking You in anticipation


Regards,

Kartikeya

 

[Dave Miller]

Hello Everyone,


I have developed on small site...now i can able to login but i have
not maintain session to user logout. Please give small example JSP
with login screen & checking in all form to authorise user & logout
properly.

Hope you will help me


Thanking You in anticipation


Regards,

Kartikeya

Set a cookie on login; read it for each authorization; destroy or null
its value for logout. If you want to give users the option to "remember
me on this computer", make your cookie(s) persistent.

 

[KK]

Thanks for replying, but can you plz give me any example of this? i
dont knw how to make cookies also.

Thanking you


Kartikeya

 

[KK]

Thanks for replying, but can you plz give me any example of this? i
dont knw how to make cookies also.

Thanking you

Kartikeya

 

[Arne Vajhøj]

I have developed on small site...now i can able to login but i have
not maintain session to user logout. Please give small example JSP
with login screen & checking in all form to authorise user & logout
properly.

The easiest is to use container managed security. You protect your
pages in web.xml, provide a login form and let the container
do all the work.

Arne

 

[Arne Vajhøj]

The easiest is to use container managed security. You protect your
pages in web.xml, provide a login form and let the container
do all the work.

And before you ask for an example:

http://courses.coreservlets.com/Course-Materials/pdf/msajsp/03-Security-Declarative.pdf

Arne

 

[Dave Miller]

The easiest is to use container managed security. You protect your
pages in web.xml, provide a login form and let the container
do all the work.

Arne

The right way to do it may be via the container but if you have to learn
the tech before you use it, I'm not so sure on the easier part.

 

[Arne Vajhøj]

The right way to do it may be via the container but if you have to learn
the tech before you use it, I'm not so sure on the easier part.

It is much easier than writing all the code yourself.

Arne

 

[Dave Miller]

Thanks for replying, but can you plz give me any example of this? i
dont knw how to make cookies also.

Thanking you


Kartikeya

If you don't already have the rest of your login / security system
built, take arne's suggestion. If all you need to do is gain persistance
the API in javax.servlet.http.Cookie is pretty self explanatory. To
give you a jump start:

To set a cookie:

Cookie cookie = new Cookie(java.lang.String name, java.lang.String value);
// do stuff with cookie
response.addCookie(cookie);

To check for it coming back:

try{
if (request.getCookies() != null){
Cookie[] allCookies = request.getCookies();
for (int i=0; i<allCookies.length; i++) {
Cookie cookie = allCookies;
//get info from cookie

}catch ...

 

[KK]

thanks for help..

actually i tried the container based security, both form and basic. In
form based security am having a small problem. As guided by the
example, i edited my web.xml and tomcat-users.xml file. but while
using FORM authentication it started restricting my whole web
application. i even checked the roles and users mentioned the both of
the xml files but still the problem persists.

onething i want to ask more is, when we create a login form in this,
we define the form action as "j_security_check" and similarly the
username and password, then how i will match the username and password
of the registered users which are present in the database? The
username and password of the registered users are stored in the
database as soon as they register.

am sorry i am troubling you a lot but am totally confused, plz help
me.

Thanking you,

Kartikeya

 

[Arne Vajhøj]

actually i tried the container based security, both form and basic. In
form based security am having a small problem. As guided by the
example, i edited my web.xml and tomcat-users.xml file. but while
using FORM authentication it started restricting my whole web
application. i even checked the roles and users mentioned the both of
the xml files but still the problem persists.

You specify in web.xml what to protect.

onething i want to ask more is, when we create a login form in this,
we define the form action as "j_security_check" and similarly the
username and password, then how i will match the username and password
of the registered users which are present in the database? The
username and password of the registered users are stored in the
database as soon as they register.

You do not check. The nice container checks for you.

Arne

 

[Dave Miller]

onething i want to ask more is, when we create a login form in this,
we define the form action as "j_security_check" and similarly the
username and password, then how i will match the username and password
of the registered users which are present in the database? The
username and password of the registered users are stored in the
database as soon as they register.

I'm now clear that you weren't asking how to extend an existing security
scheme, you were asking how to create one. This puts us back to "use
arne's suggestion".

 

[KK]

i am using 'arne's suggestion' but finding a problem which i mentioned
above. The FORM authentication is restricting the whole web
application and i am not even able to start the session from the
Apache Manager section.

any idea what is restricting the whole web application? i followed the
example and did whatever was mentioned there.

 

[Arne Vajhøj]

i am using 'arne's suggestion' but finding a problem which i mentioned
above. The FORM authentication is restricting the whole web
application and i am not even able to start the session from the
Apache Manager section.

any idea what is restricting the whole web application? i followed the
example and did whatever was mentioned there.

If you have a die structure like:

yourapp
open
*.jsp
secure
*.jsp
WEB-INF
classes
lib
web.xml

and in web.xml has:

<security-constraint>
<web-resource-collection>
<web-resource-name>logintest secure part</web-resource-name>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>

then only the secure dir is secured.

Arne