开发者

Automatic login after registration

开发者 https://www.devze.com 2022-12-27 21:45 出处:网络
I have a webapp with form-based authentication. On the login page, I have placed a link to a public registration form. The registration adds a user in the database that is used for authentication.

I have a webapp with form-based authentication. On the login page, I have placed a link to a public registration form. The registration adds a user in the database that is used for authentication.

Now, is is possible to do an automatic login as the new user after the registration is complete, without returning to the login page?

UPDATE

More info, as requested:

DataSource in $CATALINA_BASE/conf/server.xml:

...
    <GlobalNamingResources>
...
        <Resource auth="Container" type="javax.sql.DataSource" name="jdbc/gporder"
                  driverClassName="com.mysql.jdbc.Driver"
                  url="jdbc:mysql://localhost/gporder"
                  maxActive="100" maxIdle="30" maxWait="10000"
                  username="xxx" password="yyy"/>
...
    </GlobalNamingResources>
...

Resource links and realm in $MYWAR/META-INF/context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/gporder">
    <ResourceLink global="jdbc/gporder" name="jdbc/gporder"
            type="javax.sql.DataSource"/>
    <Realm className="org.apache.catalina.realm.DataSourceRealm" 
            dataSourceName="jdbc/gporder" debug="99" localDataSource="true"
            digest="MD5" roleNameCol="role" userCredCol="password_hash"
            userNameCol="username" userRoleTabl开发者_如何学运维e="rolemap" userTable="users"/>
</Context>

What else? there is a JSP with the HTML registration form, and a servlet that handles the POST when the form is submitted. They are both too long to be pasted here, but the servlet builds a new user and save it in the database (via hibernate).

After that, a redirect is done on an initial page, which causes tomcat to redirect to the login page instead. So my question is: is there a way to use the username and password entered in the registration form to force a login, and avoid further redirects on the login page?

I would like to avoid relying on tomcat's internal classes.


Here is a possible solution: the registration must be included in the login procedure.

A link to the registration form is included in the login form, tough the two forms could also share the same page. Here is the code for login.jsp:

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Authentication</title>
    </head>
    <body>
        <h1>Authentication</h1>
        <p>Please enter your username and password below, then click on the
            'Login' button</p>
        <form action="j_security_check" method="POST">
            <dl>
                <dt><label for="j_username">Username: </label></dt>
                <dd><input type="text" id="j_username" name="j_username"></dd>
                <dt><label for="j_password">Password: </label></dt>
                <dd><input type="password" id="j_password" name="j_password"></dd>
                <dd><input type="submit" name="login" value="Login"></dd>
            </dl>
        </form>
        <p>If you don't own an account yet, and would like to register,
            <a href="register.jsp">please click here</a></p>
    </body>
</html>

Here is the registration form, register.jsp:

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Registration</title>
    </head>
    <body>
        <h1>Registration</h1>
        <p>Please fill in the form below, then click on the 'Register'
            button</p>
        <form action="register" method="post">
            <dl>
                <dt><label for="username">Username: </label></dt>
                <dd><input type="text" id="username" name="username"></dd>
                <dt><label for="password">Password: </label></dt>
                <dd><input type="password" id="password" name="password"></dd>
                <dt><label for="password">Verification: </label></dt>
                <dd><input type="password" id="verification" name="verification"></dd>
                <dt><label for="firstname">First name: </label></dt>
                <dd><input type="text" id="firstname" name="firstname"></dd>
                <dt><label for="lastname">Last name: </label></dt>
                <dd><input type="text" id="lastname" name="lastname"></dd>
                <dt><label for="email">E-mail address: </label></dt>
                <dd><input type="text" id="email" name="email"></dd>
                <dd><input type="submit" name="register" value="Register"></dd>
            </dl>
        </form>
    </body>
</html>

Upon submission, the registration fields are posted to a servlet that create a new user in the database, and then redirect to /j_security_check:

String username = request.getParameter("username");
String password = request.getParameter("password");
User user = new User();
user.setUsername(username);
user.setPassword(password);
user.setFirstName(request.getParameter("firstname"));
user.setLastName(request.getParameter("lastname"));
user.setEmail(request.getParameter("email"));

// ... register the user, then if everything is OK, do:

String url = request.getContextPath() + "/j_security_check";
response.sendRedirect(url + "?j_username="
        + URLEncoder.encode(username, "UTF-8")
        + "&j_password="
        + URLEncoder.encode(password, "UTF-8"));


Like said; to give you a sensible suggestion you don't give a lot of information.

I would do it like this:

  • Enter info in database (registration)
  • Perform the same actions that occure after a user clicked 'login'
  • Redirect to the same page as you would after a user is logged in


I have two ideas. Either create a new HttpSession and try and put the user into the session. Or pass the username and password to the login page with HTTP variables and use javascript to auto submit the form.


This question seems to be similar to this question.

The simple answer is to call request.login(username, password); to log the user in and then redirect them to the correct page.

0

精彩评论

暂无评论...
验证码 换一张
取 消