开发者

prevent back to login page after user is logged in jsp servlet

问答 作者:

i am using jsp servlet to make a web application, I want to prevent the user to show login page, if he already logged in, I make a filter that check that, but it still show login page even user has a valid session, Here is the code in the Filter.

  HttpSession session = httpreq.getSession(false);

    if(session == null){
        System.out.println("not logged, redirect ");
          httpres.sendRedirect("../Login.jsp");

    }
    else{
            System.out.println("could be logged");
           String logged = (String) session.getAttribute("Login");
           if(logged != null){
                   System.out.println(" logged  "+logged);
               if (!logged.equals("ok")) { // user is not logged
                    System.out.println("not logged, redirect ");
                    httpres.sendRedirect("../Login.jsp");
                    return;
                } else {  // if user has a session redirect his to the page he was opened
                       System.out.println("redirect to the  same page");
                    chain.doFilter(request, response);
                    System.out.println("redirect to the  same page");
                    httpres.setCharacterEncoding("UTF-8");
                    httpres.sendRedirect(httpreq.getRequestURI());
                }
           }else
           {
                 System.out.println("not logged, redirect login ");
                    httpres.sendRedirect("开发者_运维百科../Login.jsp");
                    return;
           }

    }

I make the session only on folders that located outside the WEB-INF folder.

Edit : Here's the code to check the validity of user and add attributes to session

  isVaild = StudentManagement.isValidUser(connection, studentUserName, password);
               //     I have more than one roles in the system..
            }
            if (isVaild) {

                System.out.println("create session");
                HttpSession session = request.getSession();
                session.setAttribute("Login", "ok");
                session.setAttribute("userName", userName);
                session.setAttribute("role", role);
                if (role == UserRole.STUDENT) {  //student role
                    url = "/ParentManagementServlet?pageName=StudentActivationPage";

                    forward(request, response, url);
                } else if (role == UserRole.ADMIN) {  //admin role
                    url = "/Admin/MainPage.jsp";
                    forward(request, response, url);
                }

Edit 2: here's the URL mapping in web.xml file

 <filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/Admin/*</url-pattern>
</filter-mapping>

since Admin is the folder that locates outside the WEB-INF folder.

Everything seems fine, apart from Filter mapping, try - 

<filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/protected directory/*</url-pattern>
</filter-mapping>

I'm assuming you want to protect everything in the directory and the above url pattern will check for whole directory .. you can fine tune the pattern as per your need.
But the point is - pattern mentioned in question (<url-pattern>/Admin/*</url-pattern>) does not intercept Login.jsp and that's why it cannot perform session check and renders Login.jsp even for valid sessions.
You can perform a check in the existing filter - whether the request is for Login.jsp and then can make a decision (I don't know whether this is a good way to go) else keep the Login.jsp out of the protected directory and write an another filter which matches only Login.jsp

继续阅读:servlet-filtersservletssession

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9