How to propagate JSP-Container-Login and EJB-Lookup?

I think I have a very common problem which should be solved by multitudes of developers, but still I can't find sufficient info how to solve it. Here is my problem:
- My App consists of 2 different EARs, one Web-EAR and one EJB-EAR
- The Webapp uses digest authentication through web.xml security-constraint
- Currently both EARs are using xml-based security-provider (jazn)
- Any user has to log in to the webapp (this works)
- the webapp delegates business-logic to EJB3 stateless SessionBeans
- as long as I hardcode principal and password on the creation of the InitialContext, the authentication on the EJB-container works also fine
- what I need is a propagation of the logged in webapp user to the EJB-container
- I switched on subject-propagation as described in OC4J security guide chapter 18
The problem: The propagation doesnt seem to work as expected. I still have to use (hardcoded) user/password credentials upon InitalContext-creation.
- How can I reassure that subjectpropagation is switched in?
- How do I have to instantiate the InitialContext in order to use propagation?
This is what I do now:
Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY, "oracle.j2ee.rmi.RMIInitialContextFactory");
p.put(Context.PROVIDER_URL, ormi://localhost:23791/EJB-EAR);
p.put(Context.SECURITY_PRINCIPAL, "myuser");
p.put(Context.SECURITY_CREDENTIALS, "mypassword");
Context = new InitialContext(p);
When loggin into the web-container, the password of the logged-in user is not accessible anymore. Because of that I thought automatic subject-propagation shouold solve my problem. Did I misunderstood the concept of subjectpropagation (using ORMI)

So far I have achived the following, but my problem is not really solved:
As long as I use EJBs within the same EAR of my webapp everthing is fine.
No need to proved credentials with the instantiation of the InitialContext. Also subject-propagation is not needed.
At the moment I split ejb and webapp into separate EAR on the same OC4J-instance, I have to use the RMIInitialcontextFactory, to get acces to the EJBs at all. Subject-Propagation is obviusly on, because without the call of Subject.getSubject(AccessController.getContext) delivers null!
So the remaining question is, how do I initiate the subject-propagation over RMI? Is there a special name under which I have to put my subject? Do I have to execute the actual ejb-method-call by subject.doAs.. and thus have to provide a wrapper for my EJB as a ProtectedObject?
Anybody?

Similar Messages

I have deploy an EJB in weblogic 6.1,but how to use jsp to invoke the EJB's method?

i have deploy an EJB in weblogic 6.1,but how to use jsp to invoke the EJB's method?
thanks!

You'd do something like:
<%
//vvv this part can potentially be done in initialization
Context ctx = getInitialContext();
BeanHome home =
(BeanHome)PortableRemoteObject.narrow(ctx.lookup("the.jndi.name"),
BeanHome.class);
Bean b = home.create();
//^^^
Result r = b.invokeMethod();
%>
"toxin" <[email protected]> wrote in message
news:3d2e95e5$[email protected]..
>
i have deploy an EJB in weblogic 6.1,but how to use jsp to invoke theEJB's method?
thanks!

Dunno how to write JSP for login in......

Can someone help mi on write JSP coding for login in page?i dun really know how how to write JSP coding. i m now doing a project on Private Driving instructor portal where people can register as trainee or instructor.now i want to write the JSP coding on the login page part.... when instuctor login it will go to a instructor's main page n if a trainee login it will go to a trainee's main page.Can someone help mi on this??? it's very urgent n important for mi.Please help mi.

The easiest method I have found is to use a database to store the users details along with a flag indicating whether they are a trainee or an instructor. Upon logging in, you can use a bean to connect to the database and retrieve these values, then it is a simple matter of a jsp:forward tag to re-direct to the applicable page for trainee or instructor ...
e.g.
<pre>
***JSP PAGE ***
<%@page language="java" buffer="32kb" import="jspclasses.customer.*" errorPage="./error.jsp"%>
<jsp:useBean id="userBean" class="jspclasses.userInfoBean" scope="session"/>
* Get user and pass from form variables. (if passed)*
String user = request.getParameter("username");
String pass = request.getParameter("password");
* Retrieve fullname from session object. (if exists)*
fullname = (String)session.getValue("fullname");
String fwdPage = (String)session.getValue("fwdPage");
if (fullname==null) {
     try {
     * If no session has been established then attempt to create one using *
     * the values passed through via form. If no values have been passed *
     * through then variables will equal null as opposed to empty strings. *
     * If null is evident, catch with NullPointerException. *
          if (user.equals("") || pass.equals("")) {
               fullname = "Not";
          } else {
               * Send values to method which validates users *
               userBean.setUserInfo(user,pass);
               * If an error was encountered within userBean the error *
               * instance variable will != null. *
               if (userBean.error == "") {
                    fullname = userBean.getFullname();
               } else {
                    * Error was encountered so we set fullname to "Not", if *
                    * user was entered we re-display value and we instantiate *
                    * error variable to error value of userBean. *
                    fullname = "Not";
                    if (user!=null) uservalue=user;
                    error = userBean.error;
                    //out.println("Error is not null:<br>"+error+"<br>");
               if (fullname!="Not") {
                    session = request.getSession(true);
                    session.putValue("fullname",fullname);
                    session.putValue("email",user);
                    session.putValue("user_id",userBean.getUserId());
                    session.putValue("user_type",userBean.getUserType());
                    session.putValue("sessionid",session.getId());
                    session.setMaxInactiveInterval(12000);
***END JSP***
*** START BEAN ***
public void setUserInfo(String user, String pass) {
String stmtString = "";
ResultSet rs = null;
// Check to see if a valid connection is available
getConnection();
// If getConnection returns null then
// connection successfully established
if (error.equals("")) {
try {
// Create SQL string to be sent to database
stmtString = "select * from serv_user where email = '" + user + "' and password = '" + pass + "'";
// Execute SQL
rs = stmt.executeQuery(stmtString);
// Specify estimated rows to be returned
rs.setFetchSize(1);
// If a row is returned get first and last name
if (rs.next()) {
user_id = ((rs.getString("USER_ID")!=null)?rs.getString("USER_ID"):"");
("USER_TYPE_ID"):"");
first_name = ((rs.getString("FIRST_NAME")!=null)?rs.getString("FIRST_NAME"):"");
last_name = ((rs.getString("LAST_NAME")!=null)?rs.getString("LAST_NAME"):"");
business = ((rs.getString("BUSINESS_NAME")!=null)?rs.getString("BUSINESS_NAME"):"");
address = ((rs.getString("ADDRESS")!=null)?rs.getString("ADDRESS"):"");
suburb = ((rs.getString("SUBURB")!=null)?rs.getString("SUBURB"):"");
state = ((rs.getString("STATE")!=null)?rs.getString("STATE"):"");
postcode = ((rs.getString("POSTCODE")!=null)?rs.getString("POSTCODE"):"");
hom_phone = ((rs.getString("HOM_PHONE")!=null)?rs.getString("HOM_PHONE"):"");
bus_phone = ((rs.getString("BUS_PHONE")!=null)?rs.getString("BUS_PHONE"):"");
mob_phone = ((rs.getString("MOB_PHONE")!=null)?rs.getString("MOB_PHONE"):"");
fax = ((rs.getString("FAX")!=null)?rs.getString("FAX"):"");
email = ((rs.getString("EMAIL")!=null)?rs.getString("EMAIL"):"");
pass_hint = ((rs.getString("PASSWORD_HINT")!=null)?rs.getString("PASSWORD_HINT"):"");
else {
error = "User <b>"+user+"</b> does not exist with specified password.<br>Please try again.";
} // END : ResultSet = true
} // END : TRY
catch (SQLException sqle) {
error = "<b>Error accessing database:</b><br> "+sqle.toString()+" - ORA:"+sqle.getErrorCode();
catch (Exception e) {
error = "<b>Error occurred in method setUserInfo()</b><br> "+e.getMessage();
} // END : CATCH
finally{
closeConnection();
try{
rs.close();
}catch(SQLException sqle){
} // END : IF
} // END : METHOD
} // END : BEAN
***END BEAN***

How can i make custom login and priviliges pages depend on database ?

Hi all,
how can i make custom login page and custom security pages depend on oracle database tables.

User, please tell us your Jdev version!
Have you used the search field in the forum?
This had been asked a couple of times.
http://biemond.blogspot.in/2008/12/using-database-tables-as-authentication.html and
http://biemond.blogspot.in/2008/12/using-weblogic-provider-as.html
Timo

How can I force ALL logins and passwords to save/remember

I have upgraded to Firefox 8.0. However I can no longer force force Firefox to remember my logins and passwords for certain sites. I was able to do this with my old version by changing some config setting. However, I can not find anything about 8.0 where I can do that again. I'm running XP Pro. Can anyone help? Thanks.

The website may be using autocomplete=off to prevent Firefox from saving the name and password.
You can remove autocomplete=off with a bookmarklet to make Firefox save the name and password.
*http://kb.mozillazine.org/User_name_and_password_not_remembered
See also:
*Saved Password Editor: https://addons.mozilla.org/firefox/addon/saved-password-editor/

How to populate the main table and the lookup's at the same time

Hi ,
What I have with me is the XML files which contain the data from the material master and the excel sheet which talks about the mapping . it basically tells me which field of the main table maps to which field of which segment in the IDOC and also the name of the table and the field in the R3 system .
I wish to use this info to populate the data in the material repository .
- How can I populate the data in the lookup table at the same time when I am populating the main table ? I have only the XML's that correspond to the main table . I don't have seperate data for the lookup tables .
- Can I use the standard maps available for import in the business content of material repository in MDM ?
- If the answer to the second question is NO then I think i can create the maps and save them for future use .
Regards
Deepak Singh

Hi, Deepak
>>> - How can I populate the data in the lookup table at the same time when I am populating the main table ? I have only the XML's that correspond to the main table . I don't have seperate data for the lookup tables .
I don't think you can populate both main table and all fields of lookup tables at the same time, i.e. using same map. You can consider 2 options to upload all information you have:
1) If your XML file contains data you would like to upload to lookup tables, you can upload it to MDM lookup tables with several maps using same XML and choosing different sections of that XML corresponding to different MDM lookup tables.
2) Also you can upload main table simultaneously with lookup table entries (using same map), but in this case new lookup table entries will only contain display field values that you mapped. To do this you should use 'Add' value mapping functionality for fields that you mapped to lookup tables.
>>>- Can I use the standard maps available for import in the business content of material repository in MDM ?
1) In case you have material master repository delivered by SAP and you use XML files which structure corresponds to SAP predelivered XSD schemas then you can use these maps undoubtedly.
2) If your repository is based on SAP predelivered, but you changed it ,you should adjust these maps due to differences in repository structure and XML files structure.
3) If you created your repository from scratch you should consider option of making your own import maps.
Regards,
Vadim Kalabin

SAS9.1 Persistence and EJB lookups (not registered in JNDI?)

I am trying to deploy a very basic EJB3 module to test my learning. The module deploys via the Admin Console without apparnet error. Unfortunately, when using the generated test page for the web-service, I am having total failure which seems to be around the persistence unit and EJBs not being created in the JNDI.
I have an @Stateless/@WebService bean:
package com.flexit.buslogic;
import java.util.logging.Level;
import javax.ejb.Stateless;
import javax.ejb.EJB;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import com.flexit.persistence.eao.OwnerFacade;
@WebService
@Stateless
public class CreateOwner {
     @EJB
     private OwnerFacade ownerFacade;
     public CreateOwner(){}
     @WebMethod
     public Integer addOwner (
               @WebParam(name="Name") String name){
         LogUtil.log("Add owner request " +
                    "received for "+name,
                    Level.INFO, null);
        return ownerFacade.findAll().size();
}The OwnerFacade EJB injection fails with avax.ejb.EJBException: nested exception is: javax.ejb.CreateException: Could not create stateless EJBIf I instantiate a 'normal' reference to OwnerFacade (ie OwnerFacade ownerFacade = new OwnerFacade(); I get a similar error in the OwnerFacade EJB in relation to an attempt to inject an EntityManager:
package com.flexit.persistence.eao;
import java.util.List;
import java.util.logging.Level;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import com.flexit.persistence.LogUtil;
import com.flexit.persistence.Owner;
@Stateless
public class OwnerFacade implements OwnerFacadeLocal, OwnerFacadeRemote {
     // fields
     @PersistenceContext(unitName="FlexIBuildPU")
     private EntityManager entityManager;
     public OwnerFacade () {
          if (entityManager == null) {
               LogUtil.log("unable to get an Entity Manager Instance", Level.SEVERE, null);
...The constructor logs that the entityManager is, indeed, null.
I have tried the code on SAS9 and 9.1 and using the default JavaDB and a MySQL connection pool (successful ping) and datasource (named 'jdbc/FlexDBDS') created through the Admin Console. The persistence unit is defined in a persistence.xml file in the META-INF folder:
<?xml version="1.0" encoding="UTF-8"?>
     <persistence xmlns="http://java.sun.com/xml/ns/persistence"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
         http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0">
          <persistence-unit name="FlexIBuildPU" transaction-type="JTA">
               <jta-data-source>jdbc/FlexDBDS</jta-data-source>
          </persistence-unit>
</persistence>Can anyone please save me from tearing my hair out (more)?

Have managed to resolve. There were two problems
First I was attempting to access a session bean directly rather than via an interface (eejit!) - ie:
@EJB OwnerFacade ownerFacadewhen it should have been:
@EJB OwnerFacadeLocal ownerFacadeSecond, the persistence unit wasn't created properly. In playing around with persistence.xml I moved from:
<?xml version="1.0" encoding="UTF-8"?>
     <persistence xmlns="http://java.sun.com/xml/ns/persistence"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
         http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0">
          <persistence-unit name="FlexIBuildPU" transaction-type="JTA">
               <description>This unit manages BMS units, owners, offers, and acceptance.</description>
               <jta-data-source>jdbc/FlexDBDS</jta-data-source>
               <properties>
                      <property name="toplink.jdbc.driver" value="com.mysql.jdbc.Driver"/>
                      <property name="toplink.ddl-generation" value="create-tables"/>
               </properties>
          </persistence-unit>
</persistence>to:
<?xml version="1.0" encoding="UTF-8"?>
     <persistence xmlns="http://java.sun.com/xml/ns/persistence"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
         http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0">
          <persistence-unit name="FlexIBuildPU" transaction-type="JTA">
               <description>This unit manages BMS units, owners, offers, and acceptance.</description>
               <jta-data-source>jdbc/FlexDBDS</jta-data-source>
               <properties>
                      <property name="toplink.jdbc.driver" value="com.mysql.jdbc.Driver"/>
                      <property name="toplink.application-location" value="C:\ddl\flexdb\"/>
                      <property name="toplink.create-ddl-jdbc-file-name" value="create.sql"/>
                      <property name="toplink.drop-ddl-jdbc-file-name" value="drop.sql"/>
                      <property name="toplink.ddl-generation.output-mode" value="both"/>
                      <property name="toplink.ddl-generation" value="create-tables"/>
               </properties>
          </persistence-unit>
</persistence>It seems the very action of writing the sql to file helps with the binding. It seems so extraordinary that I think I must of made another mistake which was corrected along the way. In any event, the properties specifying output files may prove useful to others. :)

How does the JSP container resolve taglib URI

My application uses JSPs which have taglibs. The taglibs use absolute URIs(http://java.sun.com/jstl/core). I noticed that if the JAR which would resolve this taglib, which is standard.jar, were to be placed in the <domain>/lib folder, the application would not be able to resolve it. If i packaged the JAR with the taglib definitions in the WEB-INF/lib folder of the WAR file, the application worked fine. Any clues on if this is expected behaviour? I have some other taglibs which refer to http://java.sun.com/jsf/html and jsf/core - these seem to be resolved fine by placing the jsf-impl.jar in the <domain>/lib folder.
Thanks
Ramdas

hello,
unfortunatly it is not quite clear what type of security you want to achieve ...
a) either securing the report for unauthorized running against different data
or
b) securing the stream between the server and the client using HTPPS
for case a) you will have to code the logic into the report so a user can only run the report against his data.
neither HTTPS nor the CGICMD.DAT can help you in this case. you could even use the row-level-security option of the database to achieve that.
regards,
the oracle reports team

How the heck do i login and tell if my box is still covered under applecare

I have looked for this for years and have stilll yet to find it. Help.
Thanks

Go to this page and enter your computer's serial number in the box provided. To find the serial number, choose About this Mac from the Apple menu. Clicking on a block of text in this window once or twice may be required.
(15964)

How to join multiple source tables and do lookup?

I have a requirement to load a target table by joining 4 source tables. Also I have to do a lookup on a domain table to transform codes and check for nulls. What will be the best approach to load the target table?
Is it possible to do it in one interface or do I need to build multiple interfaces to achive this?
My source and target database both are oracle and I am planing to use Oracle Incremental Update Merge.
Thank you

You are in the right direction by creating one interface for this transformation.
You will need to drag drop 4 source tables + the lookup table on the Sources window of Interface and then make appropriate joins.
Also, check for NULLS in the transformation. Depends what you want to do with the NULLS. If you want to ignore them, use a filter.
If you want them to error out, use a constraint.
If you want to convert them, use NVL
Start with Oracle Incremental Update and once successful, use Oracle Incremental Update MERGE.

How many times a perticular Login-id is Logged in and Logged out ?

Hi SAP-Experts .
May u plz tell me Is there any way to fine out How many times a perticular Login-id is Logged in and Logged out in a perticular day .
can we able to find out a Log about a login-id for a week
(every day log for a whole week) .
Best Regards : rajneesh

Dear satosh .
It is giving me the last login date and time Only !
I was asking how many times a person Login and logged out in day or same for week time .
Regards : rajneesh

How to create a container element?

Hi,
Could somebody please tell me how to create a container element and how to create a multi container element? How is this element used in the fork step?
I am using a fork with 3 branches but the agent assignment is a problem.The workitem does not go to the user set in the agents tab.
Regards,
Monica.

Hi Monica,
Within your Workflow Builder, there is a box on the left hand side that (Workflow Container). You should have an option (in change mode) to right-click and create or double-click on the <Double-Click to create> tab.
Or you can go to the Workflow Container "Goto -> Workflow Container" and click on the "Create" <F5> icon.
Same theory applies to creating a container element in your task. Go to your task and click on the "Container" button and select "Create".
When creating your container, you can specify if it is a multiline container by checking "Multiline" under the container attributes.
In a fork step, you would really only use your "Container Element" in the "End Condition" of a Fork step.
Please advise what the "Agent Assignment" is referring to when you're using it in your fork? Which step in the fork?
If you are assigning agents in one step of the fork, you cannot expect these agents to apply to your other 2 fork steps. The forks work independently of each other (to a point).
Please provide more information if you need more help.
Kind regards,
Tom

Forum login and reading

I'm using HTTPClient (not apache/jakarta one) to login to a forum in order to read a page available to members only... The login process is successful but when I instruct the program to read the desired page, I only get a 'you must be logged in' error page. What am I doing wrong?? I accepted the cookie, but should I do something with it??
I've found some similar topics, but none of them seemed to help... If you have any idea on this, please do answer me...
Here's what I've done:
===================================
URI doc_uri,form_uri;
HTTPConnection con;
try {
doc_uri = new URI("http://www.something.net/forum/");
form_uri = new URI(doc_uri,"misc.php?action=login");
con = new HTTPConnection(form_uri);
// create the NVPair's for the form data to be submitted
NVPair[] form_data =
new NVPair[] {
new NVPair("username", "somename"),
new NVPair("password", "somepass"),
new NVPair("hide", "1"),
new NVPair("secure", "yes"),
new NVPair("loginsubmit","Login")
// POST the form data, as indicated by the method attribute
System.out.println(form_uri);
HTTPResponse rsp = con.Post(form_uri.getPathAndQuery(), form_data);
} catch (ParseException ex) {
ex.printStackTrace();
}catch (ProtocolNotSuppException ex) {
ex.printStackTrace();
}catch (java.io.IOException ex) {
ex.printStackTrace();
}catch (ModuleException ex) {
ex.printStackTrace();
read();
======================================
read() opens a DataInputstream on URLConnection and does standard reading... My mistake is probably there... How should I maintain my login and read the protected page??
Thanks a million.

Additional to the above post, I can't log out either.
Both the links to 'Logout', on the top left and right apparently link to 'javascript.window.close()' which obviously just closes the browser window and leaves you with a blank browser.

We want to deploy Servlet/JSP in JServ and call the EJB's deployed in iPlanet App Server 6.0 SP2. How do we make the getInitialContext Call be able to access the EJB's.

Additionally what configurations do we need to make sure we have on JServ (Third party Servlet container) to make sure that the iPlanet EJB's can be accessed.

Let me preface my instructions with the comment that this isn't a good idea. Although the J2EE specification allows you seperate your web container from your EJB container, in practical deployments it is a bad idea. The overhead of doing RMI/IIOP calls to an external container as opposed to making inter-JVM calls means that you can expect roughly an order of magnitude less performance than if you colocate your web and EJB containers. (This is why all EJB containers are also web containers, or at least have the provision to install themselves in the same JVM as a web container.)
That said, if you do not have the option to move the servlets to iAS, you can access EJB's in iAS from JServ the same way that you would from any remote client. Take a look at the following information for more detail:
Chapter 9 of the developer's guide ( this shows you what changes you need to make to the remote JVM (at JServ) and in the EJB's that you are exposing).
The RMI/IIOP sample application. This gives you an example of how to access EJB's from outside the container.
(To answer your direct question, the following code will get the initial context. But if you don't take all of the other configuration steps, this code won't work:
env.put("java.naming.factory.initial", "com.sun.jndi.cosnaming.CNCtxFactory");
env.put("java.naming.provider.url", "iiop://" + host + ":"+port);
Context initial = new InitialContext(env);
I'd also suggest that you approach the task with the following approach. (Assuming that I haven't managed to convince you that this is a really bad idea.)
1. Get your EJB's working on iAS. Test them with servlet harnesses running on iAS.
2. Get your servlets working on JServ, if they aren't already.
3. Create a simple standalone Java application as a test harness for EJB's. Follow the RMI/IIOP instructions until you get this test harness working.
4. Create a simple servlet test harness in JServ to access your EJb's. Follow the JVM setup instrucitons until you get this working.
5. Actually integrate the EJB's with your production application.
I say this because there are about five trillion things that can go wrong in this process. Although the troubleshooting steps in the docs are helpful, I find that it helps to get one thing working at a time. It's very frustrating to spend a day trying to resolve JNDI issues only to find out that you have your CXS configured improperly.

Session Login and Logout in jsp page

hi
i am developing jsp page
i completed except logout.jsp page
my login page is in Jsp format and then business Logic in servlet and then get method & set method in bean.java
i have login and then it sucess page there i have singout button
if i sign out it should go to login page
how to do
how to make session invalidate
how to get session id
i have one more doubt i should check session invalidate each jsp page
regarding session login and logout in jsp
if anybody knows please give me a piece of code regarding login and logout
Regards
Akshatha

This is part of your filter class now you need login.jsp page
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link rel="Stylesheet" type="text/css" href="/PAS/css/site.css"/>
    <title>Automation System | Login Page</title>
</head>
<body>
<div align="center">
    <h1>Photint Automation System</h1>
</div>
<br/><br/><br/>
<center>
    <table border="1" cellpadding="0" cellspacing="0" width="40%" bgcolor="FFFFFFFF">
        <thead>
            <tr>
                <th align="left" height="30"> <h3> Login</h3></th>
            </tr>
        </thead>
        <tbody>
            <tr>
                <td>
                    <div align="center">
                        <form name="LOGIN" action="/PAS/LoginServlet" method="POST">
                            <table border="0">
                                <tbody>
                                    <tr>
                                        <td height="15"></td>
                                        <td height="15"></td>
                                        <td height="15"></td>
                                        <td height="15"></td>
                                    </tr>
                                    <tr>
                                        <td height="30"></td>
                                        <td align="right" height="30">User Name : </td>
                                        <td align="left" height="30"><input type="text" name="USERNAME" value="" size="35" /></td>
                                        <td height="30"></td>
                                    </tr>
                                    <tr>
                                        <td height="30"></td>
                                        <td align="right" height="30">Password : </td>
                                        <td align="left" height="30"><input type="password" name="PASSWORD" value="" size="35" /></td>
                                        <td height="30"></td>
                                    </tr>
                                    <tr>
                                        <td height="50"></td>
                                        <td height="50"></td>
                                        <td align="center" height="50"><input type="submit" value="Login" name="Login" /> <input type="reset" value="Reset" name="Reset" /></td>
                                        <td height="50"></td>
                                    </tr>
                                </tbody>
                            </table>
                        </form>
                    </div>
                </td>
            </tr>
        </tbody>
    </table>
</center>
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/>
<center>Copyright © 2009 Photint FZ LLC</center>
<center>Powered by Ali Jamali</center>
<center>Version : 1.0</center>
</body>
</html>And you need loginServlet.java
package com.ali.util.filter;
import com.ali.entity.user.UserEntity;
import com.ali.util.HibernateUtil;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("USERNAME");
        String password = request.getParameter("PASSWORD");
        if (username == null || username.length() == 0) {
            System.err.println(" Username textfeild is empty ..... !");
            RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
            dispatcher.forward(request, response);
            return;
        if (UserRegistry.isUserLoggedIn(username)) {
            System.out.printf("User [%s] is already logged in. \n", username);
            RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
            dispatcher.forward(request, response);
            return;
        UserEntity user = null;
        try {
            user = (UserEntity) HibernateUtil.load(UserEntity.class, username);
            if (user == null || !user.getPassword().equals(password)) {
                RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
                dispatcher.forward(request, response);
                System.err.println(" Password or username is not valid ..... !");
                return;
        } catch (Exception e) {
            e.printStackTrace();
            RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
            dispatcher.forward(request, response);
            return;
        HttpSession session = request.getSession();
        System.err.println(request.getRemoteAddr());
        session.setAttribute("username", user.getFirstName());
        session.setAttribute("userType", user.isAdmin());
        UserRegistry.logInUser(username);
        response.sendRedirect("/PAS/index.jsp");
}finally is you need to just one user can be online at time or need to know how many user & who is online you should at this class also
package com.ali.util.filter;
import java.util.ArrayList;
import java.util.List;
public class UserRegistry {
    private static final List loggedInUsers = new ArrayList();
    public static void logInUser(String username) {
        loggedInUsers.add(username);
    public static void logoutUser(String username) {
        if (isUserLoggedIn(username)) {
            loggedInUsers.remove(username);
    public static boolean isUserLoggedIn(String username) {
        return loggedInUsers.contains(username);
}If you have any more Q. or any comment , Most welcome
Thanks
Ali Jamali

How to propagate JSP-Container-Login and EJB-Lookup?

Similar Messages

Maybe you are looking for