JSP: How to check if a user is registered?

Question

JSP: How to check if a user is registered?

I am learning Java Web, but I have some problems and I need help. I use template.jsp, which I include header.jsp, footer.jsp, login.jsp (the left side of the template) and ${param.content}.jsp . For each page named X.jsp, I made another jsp with the following contents, because I want each page to have the same layout:

 <jsp:include page="template.jsp"> <jsp:param name="content" value="X"/> <jsp:param name="title" value="Start navigate"/>`enter code here` </jsp:include>

When I click on the Browse link, for example, I want to redirect to Review.jsp, but I have some problems. In footer.jsp, I have something like this:

 (...) < a href =" Review.jsp "> Review </a> (...)

After logging in, I try to click Browse, it will send me to Review.jsp, but it shows me that I have not logged in. I am using Spring Framework, Tomcat 7, Eclipse, MySQL. When I log in, I create a cookie:

 String timestamp = new Date().toString(); String sessionId = DigestUtils.md5Hex(timestamp); db.addSession(sessionId, username, timestamp); Cookie sid = new Cookie("sid", sessionId); response.addCookie(sid);

For each method, I have something like this (I saw this in the tutorial):

 @RequestMapping(value = "/writeReview", method = RequestMethod.GET) public String nameMethod(@CookieValue("sid") String sid,...)

Using sid, I can find out who the user is. I have a database with a user account and some other tables. The problem is that when I click on a review or whatever, it shows me that I am not registered. What can I do?

UPDATE :
I am using JavaBean for user and login.jsp. JSP, which has a text box for login, I have a GET method when I press the button for login.

 @RequestMapping(value = "/login", method = RequestMethod.GET) public ModelAndView createCookie( @RequestParam("username") String username, @RequestParam("password") String password, HttpServletRequest request, HttpServletResponse response) throws SQLException { //code for creating the cookie here, after testing if the user is in my database }

For each page, I submit a sid, and I have an attribute for the model, username:

 public String methodName(@CookieValue(required = false) String sid, Model model) { if (sid != null) { User user = getUserBySid(sid); model.addAttribute("user", user); } (..other data.) return "nameJSP.jsp"; }

I check every JSP if the username is not empty, so that I can see that the user is logged in. The application is going well, it passes parameters if I don’t click the links from the header or footer. The problem is that I have to pass, say, a JSP parameter which is the actual layout content for the JSP that the footer refers to, and that JSP will be the next content of my layout. The layout recognizes only the content and title:

 <title>${param.title}</title> (I didn't paste all the code, I use a table <table>....) <%@ include file="header.jsp"%> <%@ include file="login.jsp"%> <jsp:include page="${param.content}.jsp"/> <%@ include file="footer.jsp"%>

So, how can I include a parameter in this JSP to be received from another JSP? Also, should layout.jsp be accessed and sent to the footer or header?

 <jsp:include page="layout.jsp"> <jsp:param name="content" value="X"/> <jsp:param name="title" value="Start navigate"/> </jsp:include>

+8

java jsp authorization servlets servlet-filters

sonya Jan 2 '13 at 20:50

source share

2 answers

Or just use:

 String username = request.getRemoteUser();

-one

Yster Dec 30 '15 at 14:46

source share

informatik01 · Accepted Answer · 2013-01-03T09:46:14+0000

To pass some parameters to the included JSP:

 <jsp:include page="somePage.jsp" > <jsp:param name="param1" value="someValue" /> <jsp:param name="param2" value="anotherParam"/> .... </jsp:include>

You are already doing this.

OK, the details of the question are not very clear, but I understand. One solution might be the following.

In the login action , if the authentication was successful, create an HttpSession and set the attribute for the authenticated user:

 if (/* authentication was successfull */) { request.getSession().setAttribute("loggedInUser", user); ... }

And in the code where you control, if the user is registered, just check for the corresponding HttpSession :

 HttpSession session = request.getSession(false); if (session == null || session.getAttribute("loggedInUser") == null) { // user is not logged in, do something about it } else { // user IS logged in, do something: set model or do whatever you need }

Or on the JSP page, you can check if the user is registered using JSTL tags, as shown by BalusC in the example here :

 ... <c:if test="${not empty loggedInUser}"> <p>You're still logged in.</p> </c:if> <c:if test="${empty loggedInUser}"> <p>You're not logged in!</p> </c:if> ...

Rescue Filters

But usually you check to see if a user is logged in to restrict access to certain pages (so that only an authenticated user can access them). And you write a class that implements javax.servlet.Filter .

Here is an example LoginFilter from one of my projects:

 package com.example.webapp.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * The purpose of this filter is to prevent users who are not logged in * from accessing confidential website areas. */ public class LoginFilter implements Filter { /** * @see Filter#init(FilterConfig) */ @Override public void init(FilterConfig filterConfig) throws ServletException {} /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; HttpSession session = request.getSession(false); if (session == null || session.getAttribute("loggedInUser") == null) { response.sendRedirect(request.getContextPath() + "/login.jsp"); } else { chain.doFilter(request, response); } } /** * @see Filter#destroy() */ @Override public void destroy() {} }

In this project, I used simple servlets and JSPs without Spring, but you get this idea.

And, of course, must configure web.xml to use this filter:

 <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> ... <filter> <filter-name>Login Filter</filter-name> <filter-class>com.example.webapp.filter.LoginFilter</filter-class> </filter> <filter-mapping> <filter-name>Login Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> ... </web-app>

Note :
If you use a Web Container or an Application Server that supports servlet version 3.0 and higher, you can annotate your filter class using the @WebFilter annotation, in which case there is no need to configure the filter in the deployment descriptor (web.xml). See an example using the @WebFilter annotation and more filter related information here .

Hope this helps you.

JSP: How to check if a user is registered?

Rescue Filters

More articles: