prevent back to login page after user is logged in jsp servlet

Developer https://www.devze.com 2023-02-28 15:57 Source: Internet
I am using JSP and servlets to make a web application. I want to prevent the user from being shown the login page if he is already logged in. I made a filter that checks that, but it still shows the login page even when the user has a valid session. Here is the code in the filter:

    HttpSession session = httpreq.getSession(false);

    if (session == null) {
        System.out.println("not logged, redirect ");
        httpres.sendRedirect("../Login.jsp");
    } else {
        System.out.println("could be logged");
        String logged = (String) session.getAttribute("Login");
        if (logged != null) {
            System.out.println(" logged  " + logged);
            if (!logged.equals("ok")) { // user is not logged in
                System.out.println("not logged, redirect ");
                httpres.sendRedirect("../Login.jsp");
                return;
            } else { // if the user has a session, redirect him to the page he had opened
                System.out.println("redirect to the  same page");
                chain.doFilter(request, response);
                System.out.println("redirect to the  same page");
                httpres.setCharacterEncoding("UTF-8");
                httpres.sendRedirect(httpreq.getRequestURI());
            }
        } else {
            System.out.println("not logged, redirect login ");
            httpres.sendRedirect("../Login.jsp");
            return;
        }
    }

I make the session only on folders that are located outside the WEB-INF folder.

Edit: Here's the code to check the validity of the user and add attributes to the session:

        isVaild = StudentManagement.isValidUser(connection, studentUserName, password);
        // I have more than one role in the system..
    }
    if (isVaild) {
        System.out.println("create session");
        HttpSession session = request.getSession();
        session.setAttribute("Login", "ok");
        session.setAttribute("userName", userName);
        session.setAttribute("role", role);
        if (role == UserRole.STUDENT) { // student role
            url = "/ParentManagementServlet?pageName=StudentActivationPage";
            forward(request, response, url);
        } else if (role == UserRole.ADMIN) { // admin role
            url = "/Admin/MainPage.jsp";
            forward(request, response, url);
        }

Edit 2: Here's the URL mapping in the web.xml file:

<filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/Admin/*</url-pattern>
</filter-mapping>

since Admin is the folder that is located outside the WEB-INF folder.


Everything seems fine apart from the filter mapping. Try:

<filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/protected directory/*</url-pattern>
</filter-mapping>

I'm assuming you want to protect everything in the directory, and the above URL pattern will check the whole directory. You can fine-tune the pattern as per your need.
But the point is: the pattern mentioned in the question (<url-pattern>/Admin/*</url-pattern>) does not intercept Login.jsp, and that's why it cannot perform the session check and renders Login.jsp even for valid sessions.
You can perform a check in the existing filter for whether the request is for Login.jsp and then make a decision (I don't know whether this is a good way to go), or else keep Login.jsp out of the protected directory and write another filter which matches only Login.jsp.
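
The first option from the answer above, as an added example that is not part of the original post: one filter that handles both the protected directory and the login page. It assumes Login.jsp sits at the context root, that the existing filter mapping gets a second url-pattern for /Login.jsp, and that HOME_PAGE (a hypothetical constant) points at the admin landing page from the question; other roles would need their own target.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumes web.xml maps this filter to BOTH /Admin/* and /Login.jsp,
// i.e. a second <url-pattern>/Login.jsp</url-pattern> in the existing <filter-mapping>.
public class AuthenticationFilter implements Filter {

    private static final String LOGIN_PAGE = "/Login.jsp";          // assumed location
    private static final String HOME_PAGE  = "/Admin/MainPage.jsp"; // admin page from the question

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        HttpSession session = req.getSession(false); // never create a session in the filter
        boolean loggedIn = session != null && "ok".equals(session.getAttribute("Login"));
        boolean loginRequest = LOGIN_PAGE.equals(req.getServletPath());

        if (loginRequest && loggedIn) {
            // Already authenticated: keep the user away from the login form.
            res.sendRedirect(req.getContextPath() + HOME_PAGE);
        } else if (loginRequest || loggedIn) {
            // Anonymous user asking for the login form, or authenticated user asking
            // for a protected page: pass the request on once, with no redirect afterwards.
            // Disable caching so the Back button re-requests the page through this filter.
            res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            chain.doFilter(request, response);
        } else {
            // Anonymous user asking for a protected page.
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
        }
    }

    @Override
    public void destroy() { }
}
```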
