Simple logout implementation java - java

I've managed to create a secured web service which stores the hash of the password with a random salt.
But now, after the user has filled in his correct username and password, he is redirected to the index.html page,
and now my task is to create the same thing as you see here in stackoverflow in the left corner - I want the user to see his username and, next to it, to have an option for logout.
But as I have never done such a thing, can you recommend the steps I should follow
and some tutorial - or whatever you think I should read?

What is the technology stack you are using? JSP + Java? JSF + Java? Struts + Java? Or any other? Whatever you use, most frameworks have a concept of session. When the user hits the submit button after filling in the form, store the "username" in session. On successful validation, pull the stored "username" from session.
http://www.javatpoint.com/cookies-in-session-tracking
http://www.tutorialspoint.com/jsp/jsp_session_tracking.htm

Easiest way is to have link to page like
http://www.example.com/logout.jsp
Then in logout.jsp, you can log the user out from the DB (if you use that) and destroy SESSIONS and COOKIES. After that, you redirect to the index page of the web. Redirecting to the last page is not always possible, because the user could have been in some logged-in-only part of the web.
It is also a good thing to check if the user is logged in before doing the real logout, but all of this stuff is in logout.jsp. There is no need to make it more complicated than it is :-)

As you are using JSP, you should be using HttpSession. So you only have to call the invalidate method when you access the logout page (in this case, logout.jsp):
<% session.invalidate(); %>
<% response.sendRedirect("index.jsp"); %>
If you are using a servlet, you can process this there.
If you want to know more about JSP/servlet development, I recommend this series of videos; if you have little experience, they are very easy to follow.
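The logout steps from the answers above (check for a session, invalidate it, expire the cookie, redirect to a public page), handled in a servlet. This is an added example, not code from the original answers; the `/logout` mapping, the class name, the `javax.servlet` namespace and the container-default `JSESSIONID` cookie are assumptions.

```java
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: the URL "/logout" and the class name are hypothetical.
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false) never creates a session, so a visitor who is not
        // logged in is simply redirected without any server-side state change.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate(); // drops the stored "username" and every other attribute

            // Expire the session cookie in the browser too. JSESSIONID and the
            // context-path cookie path are container defaults assumed here; the
            // path must match the one used when the cookie was set.
            String contextPath = request.getContextPath();
            Cookie expired = new Cookie("JSESSIONID", "");
            expired.setPath(contextPath.isEmpty() ? "/" : contextPath);
            expired.setMaxAge(0);
            expired.setHttpOnly(true);
            expired.setSecure(request.isSecure());
            response.addCookie(expired);
        }
        // Keep browsers and proxies from caching this response.
        response.setHeader("Cache-Control", "no-store");
        // Always land on a public page, never on a logged-in-only one.
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }
}
```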

Related

Conditional Authentication: How to conditionally display login on page servlet

I am running Tomcat 8. Currently I have pages that users always need to log in to see, and pages that the user never has to log in to see. I have both of these cases working.
But now I need to make a page that users SOMETIMES have to log in to see (based on the data/configuration of what is being asked for).
Given that, I can't just throw the servlet endpoint in the web.xml web-resource-collection; it won't work that way.
I have tried returning a login view from my servlet, with the standard wiring for j_security_check, but when the service comes back it does not look like the login worked.
To get around my issue, here is what I did.
In my servlet, I grab the data for the object I need to render, if the object states the user needs to be authenticated to view, I check the authentication with request.getRemoteUser().
If no user is found, I redirect to a secure url with a new servlet. The url will have a ?return=myurl in the url. In this case, the login page displays and the new servlet sees the return url and redirects back to the original page.
The original page now does user lookup again, but this time the user is logged in.
This is not the ideal solution, but it does work.

Update the database from submit option

I have a jsp page having a 'submit' option for input. On clicking it I want to update the value of a table called tbIndividual. What can be the best approach to do it?
On the jsp page I have something like this:
User Name : <%=rs.getString(2)%>
First Name : <%=rs.getString(4)%>
Last Name : <%=rs.getString(5)%>
Email Id : <%=rs.getString(6)%>
Contact : <%=rs.getString(7)%>
<input type="submit" value="ADD"></input>
And now I want to update the value of status of that particular individual from 'NO' to 'WAIT' state on click of this submit button.
Is making a new servlet for this task a good option, or doing the code in jsp a better one?
If I need to make a new servlet, then what will be the code for it on the jsp page? Please help.
If you are trying to learn servlet with this project then you should create a separate servlet where you will perform your business logic (e.g addition of element in Db) and jsp should be kept away from business logic because role of jsp is to render the output not to produce the output.
If this is a project for production purposes, then you should (IMO you must) opt for some web framework, as a framework will reduce your effort and headache and increase productivity.
First of all, there are certain things you need to understand while developing web applications in Java. I have a few recommendations and inputs
Please don't use Scriptlets. Scriptlets are deprecated and they make your code clumsy and the maintenance will be hard. Use JSTL.
You need to create a form in your html to have a set of variables to push to the server on clicking the submit button. The form will have an action attribute which contains the URL where the request should be sent.
Create a Servlet, map it to the action URL and write the doPost method, which can receive the form parameters and do the business logic, whether changing the status from NO to WAIT or anything else.
Please take note that you need to have Session variables in order to store the data in between requests from the same client, e.g. the browser.
Is making new servlet for this task a good option or doing the code in jsp a better one ?
Writing a new servlet is a good option, rather than doing the business logic in the jsp page. jsp is meant for presentation, just view. JSPs shouldn't be used to perform business logic.
If i need to make a new servlet then what will be the code for it on jsp page .?
JSP should just have all the necessary html elements and attributes like form, action attribute etc.. to post the parameters in the request to the action URL. Please note the method attribute of form. You should use HTTP POST method for posting form parameters to the server
Note: Finally, writing Servlets is also NOT recommended. Instead, you should opt for web frameworks like Spring MVC, Struts etc. Please go through the link to understand about web frameworks, answered by @BaluC.
Hope this clarifies.

Login page redirection in Java and Javascript

Ok, so I've got an interesting case of login page redirection going on.
My webservice has a login page (login.html) with some javascript to handle logging in and redirecting to a hardcoded 'default' page. The webservice is written in Java with a servlet filter handling redirection if a user is unauthenticated (so if a user tries to access domain/statistics without being logged in, they are directed to domain/login.html). The redirection from the protected services works: I can redirect to the login page and once a user is authenticated, redirect them to a default page. I am having issues, however, redirecting to the previous page.
I know this is usually handled with the argument document.referrer in the Javascript, which I have tried, but due to the Java's redirection with response.sendRedirect, the Referer header is not sent.
How can I get these two aspects to redirect to the previously called page? Is it something I need to add on the Javascript side, the Java side, or both?
What I've done is to drop the original (redirected) URL into a hidden input field on the login form. The code that does the authentication should just check that parameter, and if it's not empty it can redirect after establishing the session.
You have to be careful doing this to prevent XSS attacks etc., but it's not that hard and it works just fine.
In my framework (Stripes), I can push the original URL (taken from the HttpServletRequest object, a combination of the servlet path, the "path info", and the query string) into a special holding box that will cause the framework to give it back to me on the next request as a parameter. Without that, the simple thing to do is add the URL as a parameter when you redirect. Just URL-encode the original attempted URL and tack it onto the redirect URL with some parameter name. Then, on your login page, you just check for it:
<c:if test='${not empty param.attemptedUrl}'>
<input type='hidden' name='attemptedUrl' value='${fn:escapeXml(param.attemptedUrl)}'>
</c:if>
Then your login action will get that parameter too when the login form is submitted, and it can act on it as appropriate.
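A check the login action can run on `attemptedUrl` (or on the `?return=` parameter from the Tomcat question further up) before redirecting, so that only a path inside the same site is accepted. This is an added example, not code from the original answers; `ReturnUrlCheck`, `safeTarget`, the `/index.html` default and the sample values are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

public final class ReturnUrlCheck {
    // Assumed default landing page after login.
    static final String DEFAULT_PAGE = "/index.html";

    /** Returns attemptedUrl if it is a safe same-site path, else DEFAULT_PAGE. */
    static String safeTarget(String attemptedUrl) {
        if (attemptedUrl == null
                || !attemptedUrl.startsWith("/")      // must be a local absolute path
                || attemptedUrl.startsWith("//")) {   // "//host/..." names another host
            return DEFAULT_PAGE;
        }
        try {
            // java.net.URI rejects backslashes, spaces and control characters
            // (CR/LF), so such values end up in the catch block below.
            URI uri = new URI(attemptedUrl);
            // Defense in depth: no scheme and no authority may be present.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return DEFAULT_PAGE;
            }
            String path = uri.normalize().getRawPath();
            // Never bounce back to the login page itself, and refuse paths that
            // still climb above the root after normalization.
            if (path.equals("/login.html") || path.startsWith("/../")) {
                return DEFAULT_PAGE;
            }
            return attemptedUrl;
        } catch (URISyntaxException e) {
            return DEFAULT_PAGE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for the attemptedUrl / return parameter.
        String[] samples = {
            "/statistics?range=7d", "https://evil.example/", "//evil.example/x",
            "/\\evil.example", "/statistics\r\nSet-Cookie: x=1", "/login.html", null
        };
        for (String s : samples) {
            String shown = String.valueOf(s).replaceAll("[\r\n]", "?");
            System.out.println(shown + " -> " + safeTarget(s));
        }
    }
}
```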
sendRedirect will ask the client to repeat the request to the resource you choose. Have you thought of Spring Security? With minimal configuration you can achieve this quite easily.
Take a look at this:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html

user access management in j2ee web application

I am working on a jsp/servlet project and I have to complete the access management module for my jsps, since I have more than one user with different profiles.
I defined a table in my database which summarizes the profile and the permitted url like this:
id_profil :1
url : http://localhost/...xyz.jsp
id page 1
Now I am trying to have the menu modified according to the id_profil of the logged-in user.
So there are pages allowed in one profile that must be hidden from others.
So far I have no idea how to achieve this.
It's kinda a vague explanation, but you could use an if in your jsp to hide the menu options based on id_profil, something like this:
<c:if test="${currentUser.id_profil == 1}">
<button label="Only id_profil 1"/>
</c:if>
Keep in mind that by changing the values shown by a menu, you aren't preventing a user from accessing a page directly -- even if the user can't get to xyz.jsp by dropping down a menu item, they can still enter xyz.jsp into the address bar of their browser. So you'll have to block the access in another way.
If you have any experience with Spring, or are considering implementing it, take a look at Spring Security. It can be used to limit user access rights to different parts of your application. It isn't terribly hard to implement if you are already familiar with Spring.
ETA: For some basics that don't involve Spring Security, check out security in web.xml: http://java.sun.com/javaee/5/docs/tutorial/doc/bncbe.html#bncbj
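One way to block direct access server-side when the permissions live in a profile/URL table like the one in the question: a servlet filter that checks every JSP request against the logged-in user's profile. This is an added example, not code from the original answers; the session attribute `id_profil`, the page names other than `xyz.jsp`, the in-memory table, the `javax.servlet` namespace and Java 9+ (`Map.of`) are assumptions.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebFilter("*.jsp")
public class ProfileAccessFilter implements Filter {
    // Constructed data standing in for the profile/URL table in the database.
    private static final Map<Integer, Set<String>> ALLOWED = Map.of(
            1, Set.of("/home.jsp", "/xyz.jsp"),
            2, Set.of("/home.jsp"));
    // Pages that need no login (hypothetical names).
    private static final Set<String> PUBLIC = Set.of("/login.jsp", "/index.jsp");

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String page = req.getServletPath();            // e.g. "/xyz.jsp"
        if (PUBLIC.contains(page)) { chain.doFilter(request, response); return; }

        HttpSession session = req.getSession(false);
        // Assumed: the login code stored the profile id as an Integer.
        Object profil = (session == null) ? null : session.getAttribute("id_profil");
        if (profil == null) {                           // not logged in
            res.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        // Deny by default: a page missing from the table is allowed for nobody.
        Set<String> pages = ALLOWED.getOrDefault(profil, Set.of());
        if (!pages.contains(page)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(request, response);
    }
}
```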

Calling a webpage from another webpage via jsp

I am trying to figure out how to do the following.
I have a webpage at a certain location called www.hello.com/logout.jsp
What I am trying to do with logout.jsp is delete all the cookies that were stored when initially logging in. The problem is that there exists a cookie for a website with a different domain that is stored when logging in. The one way I can delete that cookie is through the logout link for that website e.g. www.hello2.com/logout.jsp
Is there any way I can call www.hello2.com/logout.jsp from www.hello.com/logout.jsp?
I am trying to just make a call for www.hello2.com/logout.jsp from www.hello.com/logout.jsp and then redirect the user to another page on www.hello.com
Thanks in advance :D
If I understand correctly, you are trying to do an HTTP POST( or GET ) to www.hello2.com/logout.jsp while processing HTTP request to your web application's logout.jsp.
You should really consider coding your logic in Servlets and using JSPs only to present data, but in the meantime you can create a scriptlet inside your logout.jsp and do a call to another web page in there ( just don't code the whole thing in JSP, only make a call to a static method ).
In that static method you can use HttpClient to do whatever HTTP request you need from www.hello2.com.
Here are additions to your logout.jsp
<%@ page import="my.package.Hello2Call" %>
<%
Hello2Call.postLogoutRequest( );
%>
