How to select a start up page of tomcat 7 webapp?
There is mainly two page in my webapp and I want to select based on domain name. for example
if admin.foo.com show admin.jsp
if user.foo.com show user.jsp
and if foo.com show index.jsp
You have to build this logic into a filter or a servlet in your webapplication. Basically, what you would do is to use HttpServletRequest.getRequestURL() to parse out the subomain of the request, and then redirect your visitor to the appropriate page.
You could create a redirection-servlet, and use HttpServletRequest#getRequestURL() to distinguish between the URLs requested by the user and redirect based on that.
When the user accesses the servlet, respond with the appropriate .jsp-file based on the domain used.
Related
I am having a html page, which takes in the username and password and takes it to the servlet for authenticating. If authenticated, it gets a link to go to another html page, which accepts input for placing a order, this inputs are finally passed to a servlet, which makes the data persistent by storing it in the database,
By far, i can make a html page for username and password and a servlet for authenticating. even the link for going to another html page, which accepts the input of the order details also works, after that, the servlet does not work.
Using Glasfish Server and netbeans for development.
check Servlet Filter : they are invoked before/after a servlet, and are used to handle authentication, caching, etc
My problem is that I have 2 jsp files in my project: login.jsp and adminpanel.jsp.
My aim is to show the user the login.jsp template and let him log in via a form inside it.
After login, I want my app to show adminpanel.jsp and this is my problem that I can still access it by just writing url .../adminpanel.jsp.
How can I disable this option? It just makes no sense to login if you can reach adminpanel.jsp so easily.
what you need to do is set a session variable when user logs in via login.jsp ie only if both username and password is correct .
after that on all other pages ( including adminpanel.jsp ) check if the session variable exist. If yes allow user to view the page , else redirect to login page.
Also check http_redirect or url rewritting by which you can mask original url.
Check links below for more info
http://www.jsptut.com/sessions.jsp
http://www.javatpoint.com/url-rewriting-in-session-tracking
First, your authentication should be handled by a servlet (essentially your controller class). Second all views that should not be directly accessed like in your case ought to be placed inside your WEB-INF folder, forcing your application to call the appropriate controller class. It is here where you force redirects or forwards based on your business logic and session /cookie management.
I am learning Java servlets on Tomcat environment. I am learning how to use form based login authentication using j_security_check. So, in my servlet, I have a login page that has j_username and j_password. In web.xml file of that servlet, I have the welcome page list indicating my landing page, "landing.html". So, ideally, after successful login, I want the user to get redirected to "landing.html" page.
Without the authentication (no form based authentication), My servlet opens up and goes to "landing.html" page as expected ("localhost:8080/MyServlet" - shows the content of the landing.html).
However, now, after a successful login with j_security_check, for some reason, I get automatically redirected to the .css file for "landing.html" file. I can't understand why is this happening.
Is there a particular way how I can tell the server to just load the "landing.html" page after successful authentication and not forward it to any where else?
EDIT
*Okay, I solved it.
The css file which was loading after successful authentication was listed within the <head></head> tags of the login.html page where the j_username and j_password are. I added that css file to make the login page's design consist with the rest of the website. My guess is that when the server is re-loading the wanted resource, for some reason it was simply re-loading the top css file from the head tag.
Really weird.
So, is j_security_check is the best way to do any authentication for websites on Tomcat or is there a better and more reliable way?*
The behavior of form-based authentication is the following:
the browser sends a request to a protected URL
the server intercepts its request, sees that you're not authenticated, and redirects to the loginf form page
the user logs in
the server redirects to the URL that triggered the authentication: the protected URL asked in the first step.
This is good, because it allows a user to bookmark a protected page, come back the next day to this bookmarked page, log in, and go directly to the bookmarked page rather than the welcome page.
My guess is that the landing page is not protected, but its CSS file is. So the request that triggers the authenticationis the request that tries to load the CSS file, which causes the user to be redirected to the CSS file.
I am developing a web application where users are going to register on it, after that it displays a dashboard for each user.A Dashboard will be unique to the every user,It should be similar to facebook(i.e if user registers to the FB the unique URL address is generated like www.facebook.com/'name-of-theuser'). I want to implement same functionality on my web application ,what is the logic behind this?How do i implement this? Kindly help me.
Technology using for this is: Front-end : HTML and scripts
Server-Side:Servlets and JSP's
I will have a servlet whose url pattern is /users/*
Then for every user I will have urls
/users/usera
/users/userb
/users/userc etc
In the servlet I will check the getContextPath of the HttpServletRequest and serve a unique page based on the contextPath.
This should help you out:
http://www.workingwith.me.uk/articles/scripting/mod_rewrite
And here is a 'Java version' (for use as a ServletFilter):
http://www.tuckey.org/urlrewrite/
I'm using spring-security and struts 2. Most of our pages have content that is unprotected mixed with some protected content (user controls) so it is not like the examples where you go to a certain page and spring-security intercepts everything. Rather I'd like to be able to work with a login form that you access by pressing a login button on any page. Once you've succesfully authenticated you should be redirected to the original page.
This is where I'm stumped. Sending the URL to redirect to can be done by adding it into the form action like so:
<form action="/j_spring_security_check?spring-security-redirect=${url}" method="POST">
<...>
</form>
The problem is that after this login fails spring-security redirects to the same page (it's set up to do that in the application context) and I have no way to retrieve the url I passed to spring-security-redirect. If this were accessing one of my own classes I would normally just pass it along as a hidden parameter in the form or a request parameter of my login controller. But since spring security is the one doing the redirection I'm a little lost.
So far the only solution I've come up with is trying to store this url in the sesssion, but then there's also no good way to remove it after a login completes succesfully. Any ideas?
If you use Spring Security 3.0, you can customize AuthenticationFailureHandler. For example, its default implementation can be configured to use forward instead of redirect.