Levels in login servlet

I am about to extend my login servlet.
First I want to give each user different levels.
For example, I have 4 options:
- Watch topics
- Modify topics
- Delete topics
- Create new user
User 1 is allowed to do all 4 options.
User 2 is only allowed to use 1st option
User 3 is allowed to use top 3 options
User 4 is allowed to use top 2 options
Which way is the best way to build such 'check'?
Second, I need to have some check added to check if the origin of the login form is from the same server.
thanks
Andreas

OK, create your role keys like this:

int watchRole = 1; // binary 0001
int modifyRole = 2; // binary 0010
int deleteRole = 4; // binary 0100
int createRole = 8; // binary 1000

Your users all have a 'mask' as well, which would be stored in your database alongside their username and password. If the user joe needs 'watch' and 'modify' permissions, his mask would be 1+2=3:

int userKey = 3; // binary 0011

When an action requiring 'modify' permissions is attempted, the following operation will check authentication:

// parentheses are required: in Java == binds tighter than &
if ((userKey & modifyRole) == modifyRole) {
    // user is authenticated
} else {
    // user is NOT authenticated
}

So Joe would be successfully authenticated.
You can use different binary AND/OR logic to perform different operations or checks:

(roleKey | roleKey) // combines permissions
(userKey & roleKey) // checks permissions
(userKey | roleKey) // adds permissions
(userKey & ~roleKey) // deletes permissions (~ is the bitwise NOT)

Eg to add 'delete' permissions to Joe you do this:

userKey = userKey | deleteRole;

and the resultant userKey now has delete permissions.
I'd recommend googling for binary logic if you're still unsure about how this all works.
Hope that helps.
--Jon
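
The bitmask scheme from the answer above, applied to the four users and four options in the question. This is an added example, not code from the original thread; the class name `TopicPermissions`, its method names and the in-memory map (a stand-in for the mask column stored with each user) are assumptions made for the illustration.

```java
import java.util.HashMap;
import java.util.Map;

/**
 * Added example (not from the original thread): bitmask permissions for
 * the four options and four users described in the question.
 */
public class TopicPermissions {

    // One bit per option, matching the role keys in the answer.
    static final int WATCH  = 1; // 0001
    static final int MODIFY = 2; // 0010
    static final int DELETE = 4; // 0100
    static final int CREATE = 8; // 1000 (create new user)
    static final int ALL_KNOWN = WATCH | MODIFY | DELETE | CREATE;

    // Hypothetical stand-in for the mask column stored next to each user row.
    private final Map<String, Integer> masks = new HashMap<>();

    /** Store a mask, rejecting bits that do not belong to a known option. */
    void setMask(String user, int mask) {
        if ((mask & ~ALL_KNOWN) != 0) {
            throw new IllegalArgumentException("unknown permission bits in mask " + mask);
        }
        masks.put(user, mask);
    }

    /**
     * True only if the user holds every bit in 'required'.
     * Unknown users get mask 0, so the check denies by default;
     * an empty requirement (0) is also refused rather than matching everyone.
     */
    boolean isAllowed(String user, int required) {
        int mask = masks.getOrDefault(user, 0);
        // Parentheses matter: in Java == binds tighter than &.
        return required != 0 && (mask & required) == required;
    }

    /** Add permission bits to a user's mask. */
    void grant(String user, int permission) {
        setMask(user, masks.getOrDefault(user, 0) | permission);
    }

    /** Clear permission bits; ~ is the bitwise complement, not logical !. */
    void revoke(String user, int permission) {
        setMask(user, masks.getOrDefault(user, 0) & ~permission);
    }

    public static void main(String[] args) {
        TopicPermissions p = new TopicPermissions();
        p.setMask("user1", WATCH | MODIFY | DELETE | CREATE); // all 4 options
        p.setMask("user2", WATCH);                            // 1st option only
        p.setMask("user3", WATCH | MODIFY | DELETE);          // top 3 options
        p.setMask("user4", WATCH | MODIFY);                   // top 2 options

        String[] names = {"watch", "modify", "delete", "create user"};
        int[] bits = {WATCH, MODIFY, DELETE, CREATE};

        // "nobody" has no stored mask and must be refused everything.
        for (String user : new String[] {"user1", "user2", "user3", "user4", "nobody"}) {
            StringBuilder line = new StringBuilder(user + ":");
            for (int i = 0; i < bits.length; i++) {
                line.append(' ').append(names[i]).append('=')
                    .append(p.isAllowed(user, bits[i]) ? "yes" : "no");
            }
            System.out.println(line);
        }

        // An action that needs two permissions at once.
        System.out.println("user4 modify+delete: " + p.isAllowed("user4", MODIFY | DELETE));
        p.grant("user4", DELETE);
        System.out.println("after grant:         " + p.isAllowed("user4", MODIFY | DELETE));
        p.revoke("user4", DELETE);
        System.out.println("after revoke:        " + p.isAllowed("user4", DELETE));
    }
}
```

In a servlet the `isAllowed` check belongs on the server, run against the mask loaded for the session's user before each action, not only when deciding which links to render.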

Similar Messages

  • Getting error 404 when I am running a simple login servlet in tomcat

    hi
    this is my Login.java
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    public class Login extends HttpServlet
    {
         public void doPost(HttpServletRequest rq, HttpServletResponse rs)
         {
              String username =rq.getParameter("username");
              String password =rq.getParameter("password");
              try{
                   rs.setContentType("text/html");
                   PrintWriter out=rs.getWriter();
                   out.println("<html><body>");
                   // note: username is written into the HTML response without escaping
                   out.println("thank u, " + username + "you r logged sucessfully");
                   out.println("</body></html>");
                   out.close();
              }catch(Exception e){
                   e.printStackTrace();
              }
         }
    }
    I have saved it as C:\Program Files\apache-tomcat-4.1\webapps\sravan\WEB-INF\classes\Login.class
    where sravan is my folder
    step 2: Login.html
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <head>
    <title>login page</title></head>
    <body>
    <h1> WELCOME TO THE SERVLET HOME PAGE</h1>
    ENTER UR USERNAME AND PASSWORD
    <form action="/sravan/Login" method="Post">
         username<input type="text" name="username" >
         password<input type="password" name="password" >
         <input type="submit" value="submit"></form>
         </body>
    </html>
    I have saved it as C:\Program Files\apache-tomcat-4.1\webapps\sravan\Login.html
    step3:
    my web.xml
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
    <display-name>beginning j2ee</display-name>
    <servlet>
    <servlet-name>Login</servlet-name>
    <servlet-class>Login</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Login</servlet-name>
    <url-pattern>Login</url-pattern>
    </servlet-mapping>
    </web-app>
    I have saved it in C:\Program Files\apache-tomcat-4.1\webapps\sravan\WEB-INF\web.xml
    step4:
    here is my server.xml
    <Context path="/sravan" docBase="sravan" debug="0" reloadable="true" privileged="true"/>
    saved in C:\Program Files\apache-tomcat-4.1\webapps\sravan\WEB-INF\server.xml
    Everything is fine, the program compiles, but when I am running the servlet in Tomcat I am getting error 404 Login.html not found.
    So please kindly help me, this is my first servlet.

    There seems not to be any '.html' in your url-pattern
    <url-pattern>Login</url-pattern>
    - so I presume you should use
    http://yourhost/Login
    instead.

  • Why i get servlet exception/login servlet not found exception  with .ear ?

    I am able to deploy my war and after that generating the ear from that. Both work fine in local system.
    But when I run (JBoss as service [Java Service Wrapper]) it takes the war without any problem. But with the ear file I am getting servlet not found exception. I can't understand where this problem is coming from.
    Even if I take my JSPWiki ear which is running well in production server, this also gives same error.
    One more thing, the files, what I am running well in local system i.e. war and ear working fine. (can't test in production server so testing in same kind of testing server) there also getting login servlet not found exception. Even in same location other files which are deployed are working fine. Out of 4 at least one is working fine.
    I don't understand where this whole problem is.
    Please guide me where I should concentrate to solve this problem.
    thanks
    Vijendra

    I took the source code including the dll files already added to the project from here:
    spazzarama/Direct3DHook
    The solution include two projects the one name Capture is class library type and the dll that make the exception is in this project.
    I tried now to use the program Dependency Walker on this dll file and it found error/s:
    This is the log:
    Error: At least one required implicit or forwarded dependency was not found.
    Error: At least one module has an unresolved import due to a missing export function in an implicitly dependent module.
    Error: Modules with different CPU types were found.
    Warning: At least one delay-load dependency module was not found.
    Screenshot:
    It happens only when using/detecting Direct3D 11. So far only in Direct3D 11; when I use it with a game that runs Direct3D 9 it's working fine.
    The question is how can I solve this dll problem? Any site/place to download this dll from?

  • RequestDispatcher in login servlet

    Hi,
    My index.jsp includes a number of pages. One of them is a login bar on the top. A login servlet processes the login action, but I'm not quite sure what to do when login fails. On a successful login, I do a sendRedirect("index.jsp") and it works fine. But when login is unsuccessful, I need to pass an error message to the login box. I put an errormessage attribute in the request, but it doesn't show if I redirect to index.jsp. So I tried to forward like this:
    RequestDispatcher dispatcher = getServletContext().getRequestDispatcher("/index.jsp");
         }else{
              request.setAttribute("errormsg", "Wrong username or password");
              dispatcher.forward(request,response);
            }
    Now I get the error message on the page, but the URL is now /myapp/login instead of /myapp/index.jsp
    How do I get back to the index.jsp without losing the error message attribute?
    Thanks
    Andre

    Forward is a server-side include, so the browser doesn't know about it and the URL in the browser is not changed.
    Use sendRedirect instead of forward
    response.sendRedirect();

  • Login servlet checks db for ID/PWD

    Upon compilation receive the following:
    Login.java [31:1] unreported exception java.sql.SQLException; must be caught or declared to be thrown
    String uName = validateUser(userId, password);
    ^
    1 error
    This occurs with the following code (which does throw the exception, sure I am overlooking something here):
    import java.io.*;
    import java.sql.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    public class Login extends HttpServlet {
        public void doPost(HttpServletRequest req, HttpServletResponse res)
        throws ServletException, IOException {
            //String nextPage = req.getParameter("nextpage");
            String userId = req.getParameter("name");
            String password = req.getParameter("password");
            // compiler error reported here: validateUser declares checked
            // exceptions that doPost neither catches nor declares
            String uName = validateUser(userId, password);
            if (uName == null) {
                PrintWriter out = res.getWriter();
                out.println("Please verify the UserId and password");
                out.close();
            }
            else {
                HttpSession userSession = req.getSession(true);
                userSession.setAttribute("userName", uName);
                RequestDispatcher rd =
                getServletContext().getRequestDispatcher
                ("C:/JDK_Forte/forte4j/Development/SF_board.jsp");
                if (rd != null)
                    rd.forward(req,res);
            }
        }
        public String validateUser(String inputUserId, String inputPassword)
        throws SQLException, ClassNotFoundException{
            String returnString = null;
            String dbUserid = "Valdarie";
            String dbPassword= "Xylithien";
            Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
            Connection con = DriverManager.getConnection("jdbc:odbc:myDriver",
            dbUserid, dbPassword);
            Statement stmt = con.createStatement();
            // request parameters are concatenated into the SQL text here (injectable);
            // a PreparedStatement with ? placeholders would bind them as data instead
            String sql = "select name from sf_users where name = '" + inputUserId + "' and password = '" + inputPassword + "';";
            ResultSet rs = stmt.executeQuery(sql);
            if (rs.next())
                returnString = rs.getString("name");
            stmt.close();
            con.close();
            return returnString;
        }
    }

    Hi susandenise1,
    Yep, like you said, whoever uses validateUser will catch or throw the 2 exceptions,
    since validateUser could throw 2 exceptions
    public String validateUser(String inputUserId, String inputPassword)
    throws SQLException, ClassNotFoundException
    -- Paul

  • **help on login servlet

    The following is my source code, but I can't show the msg whether the person has logged in successfully or not. I am using j2ee to run my eg.
    LoginServlet.java
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    public class LoginServlet extends HttpServlet {
        public void init(ServletConfig config) throws ServletException {
            super.init(config);
        }
        public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            out.println("<html>" +
            "<head><title>Login</title></head>");
            out.println("<body><p align=\"center\">"+
            "<font face=\"Arial Narrow\">"+
            "<h1><b> Login</b></h1></font></p><hr>"+
            "<form method=\"POST\">"+
            "<font face=\"Arial Narrow\" size=\"2\">Enter ur username and password:</font>"+
            "<p><font face=\"Arial Narrow\" size=\"2\">Username: "+
            "<input type=\"text\" name=\"user\" size=\"25\"><br><br>"+
            "Password: <input type=\"text\" name=\"pass\" size=\"25\"></font></p>"+
            "<p align=\"left\"><input type=\"submit\" value=\"Login\"></p>"+
            "</form>");
            String username= request.getParameter("username");
            String password= request.getParameter("password");
            String un="user";
            String pw="1234";
            boolean loginCorrect = false;
            if((username==un)&&(password==pw))
            {
                RequestDispatcher dispatcher =
                getServletContext().getRequestDispatcher("/result");
                if (dispatcher != null)
                    dispatcher.include(request, response);
            }
            out.println("</body>");
            out.println("</html>");
            out.close();
        }
    }
    ResultServlet.java
    import java.io.*;
    import java.util.*;
    import java.sql.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    /**
    * This is a simple example of an HTTP Servlet. It responds to the GET
    * method of the HTTP protocol.
    */
    public class ResultServlet extends HttpServlet {
        public void init(ServletConfig config) throws ServletException {
            super.init(config);
        }
        public void doGet (HttpServletRequest request,
        HttpServletResponse response)
        throws ServletException, IOException
        {
            PrintWriter out = response.getWriter();
            // then write the data of the response
            String username= request.getParameter("username");
            String password= request.getParameter("password");
            String un="user";
            String pw="1234";
            boolean loginCorrect = false;
            if((username==un)&&(password==pw))
            {
                loginCorrect=true;
                out.println("Login Successfully");
            }
            if(!loginCorrect)
            {
                out.println("Invalid password or username");
            }
        }
    }
    thanks

    I would add
    response.setContentType("text/html");
    before
    PrintWriter out = response.getWriter();
    ...also remember that you need it to be valid html... ie. you need all the tags you would use when writing html... (println() them all to your PrintWriter).
    I am a little confused as to your problem... is it that ResultServlet isn't being invoked, or an error is happening while ResultServlet is executing ?

  • Help with a simple login servlet

    I appreciate any help and assistance you all can give. I'm in an Intro to Java class on Georgia State and have an issue with this servlet I'm building. We're developing a login system where we have an http form pass a studentid and pin number to a servlet, then the servlet will match those inputs against the result set from an access database query using sql. I keep getting an error that will be posted below and I can't see any reason why I'd be getting it. Again any help would be appreciated. Here's the info:
    import java.io.*;
    import java.util.*;
    import java.sql.*; // for JDBC
    import javax.servlet.*; // for Servlet
    import javax.servlet.http.*; // for HttpServlet
    public class StudentLogin extends HttpServlet {
        public void doGet(HttpServletRequest request,
        HttpServletResponse response)
        throws IOException, ServletException{
            //get parameters
            String aStudentId = (String) request.getParameter("studentid");
            String aPin = (String) request.getParameter("pin");
            //define the data source
            String url = "jdbc:odbc:CIS3270Project";
            Connection con = null;
            Statement stmt;
            String query;
            ResultSet rs = null;
            //exception handling
            try {
                //load the driver -throws ClassNotFoundException
                Class.forName ("sun.jdbc.odbc.JdbcOdbcDriver");
            }
            catch (ClassNotFoundException cnfe) {
                System.err.println (cnfe);
            }
            try {
                con = DriverManager.getConnection (url, "my-user", "my-passwd");
                // create sql statement
                stmt = con.createStatement ();
                // the studentid parameter is concatenated into the SQL text (injectable);
                // a PreparedStatement with a ? placeholder would bind it as data
                query = "SELECT * FROM STUDENT WHERE StudentID='" + aStudentId + "'";
                // run the query
                rs = stmt.executeQuery (query);
                //get data from result set
                rs.next();
                String studentId = rs.getString("StudentID");
                String pin = rs.getString("PIN");
                System.out.println(studentId);
                System.out.println(pin);
            }
            catch (SQLException ex) {
                ex.printStackTrace();
            }
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            //compare form data to result set
            if(aPin.equals(pin)){
                System.out.println("Login Successful");
            }
            else{
                System.out.println("Login Failed");
            }
        }
    }
    The error is as follows:
    StudentLogin.java:58: cannot resolve symbol
    symbol : variable pin
    location: class StudentLogin
    if(aPin.equals(pin)){
    ^
    1 error
    I've declared pin and there should be no issue with it using it as an argument in this string comparison. Thanks for any light you can shed on this.
    -Matt

    Alright, I've broken up the code and made it more modular. Here's my code for my Authenticator class followed by the code in the servlet.
    import java.sql.*;
    import java.io.*;
    import java.util.*;
    public class Authenticator{
         //define the data source
         Connection con = null;
         Statement stmt;
         String query;
         ResultSet rs = null;
         public void loadDb(){
              try {
                   //load the driver -throws ClassNotFoundException
                   Class.forName ("sun.jdbc.odbc.JdbcOdbcDriver");
              }
              catch (ClassNotFoundException cnfe) {
                   System.err.println (cnfe);
              }
              try {
                   con = DriverManager.getConnection ("jdbc:odbc:CIS3270Project", "my-user", "my-passwd");
              }
              catch (SQLException ex) {
                   ex.printStackTrace();
              }
         }
         public void queryDb(String aStudentId){
              try {
                   // create sql statement
                   stmt = con.createStatement ();
                   query = "SELECT * FROM STUDENT WHERE StudentID='" + aStudentId + "'";
                   // run the query
                   rs = stmt.executeQuery (query);
              }
              catch (SQLException xe) {
                   xe.printStackTrace();
              }
              try {
                   //get data from result set
                   rs.next();
                   String studentId = rs.getString("StudentId");
                   String pin = rs.getString("PIN");
              }
              catch (SQLException x) {
                   x.printStackTrace();
              }
         }
         public void isValid(String aPin){
              if(pin.equals(aPin)){
                   System.out.println("Login Successful");
              }
              else{
                   System.out.println("Login Failed");
              }
         }
    }
    Here's the servlet:
    import java.io.*;
    import java.util.*;
    import java.sql.*; // for JDBC
    import javax.servlet.*; // for Servlet
    import javax.servlet.http.*; // for HttpServlet
    public class StudentLogin extends HttpServlet {
         public void doGet(HttpServletRequest request,
         HttpServletResponse response)
         throws IOException, ServletException{
              //get parameters
              String aStudentId = (String) request.getParameter("studentid");
              String aPin = (String) request.getParameter("pin");
              Authenticator a = new Authenticator();
              a.loadDb();
              a.queryDb(aStudentId);
              a.isValid(aPin);
              response.setContentType("text/html");
              PrintWriter out = response.getWriter();
              //bunch of HTML output shit goes here
         }
    }
    I keep getting an error of cannot resolve symbol in the isValid method. It can't resolve the variable 'pin' from the database query. Does try limit the scope of that variable to only inside that try statement? Thanks for any help you guys can give.

  • Basic Login Servlet

    Hi
    I have the code below, a basic login which receives a username and password (which is hardcoded) from a html form.
    However when i enter the data on the html page and hit return, to run the servlet, i get an error 405
    "Status code (405) indicating that the method specified in the Request-Line is not allowed for the resource identified by the Request-URI."
    Can anyone tell me what i'm doing wrong please
    thanks
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    public class LoginServlet extends HttpServlet {
            public void init(ServletConfig config) throws ServletException {
                    super.init(config);
            }
            public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
                    String j_username = request.getParameter("j_username");
                    String j_password = request.getParameter("j_password");
                    String u="user";
                    String p="1234";
                    boolean loginCorrect = false;
                    // compare string contents with equals(); == only compares references
                    if(u.equals(j_username)&&p.equals(j_password)){
                        loginCorrect=true;
                    }
                    if(!loginCorrect) {
                            response.sendRedirect("/error.html");
                    } else {
                            response.sendRedirect("/index.html");
                    }
            }
    }

    I think this will occur if the HTML form is coded to use the POST method, since you haven't got a doPost(). Have a look at it and see.

  • Level 15 and Level 10 login problem

    I have couple of 2600 routers , I did test for all of them
    Router (config )# enable password xxx
    Router (config )# enable secret xxx
    Router(config)# enable secret level xxxx
    I logged in to level 15 (password xxx), then I quit from default level (15) to user mode, then I logged in to level 10 (password xxx). Then when I quit from level 10, I was not able to access default level (15) again. Why?

    Any comment about this issue?

  • A Database login Servlet

    I'm a newbie to Servlets, but have done JSP with Broadvision. I need a small piece of code wherein a user enters the userid/pass, which my servlet would validate and accordingly create a session for that particular user. Can someone help me please?
    Thanks

    Thank you very much for your helping BalusC but I want help again.
    I want to make a check if i give values in all fields but I don't get well.
    import java.io.*;
    import java.net.*;
    import java.sql.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.lang.String;
    public class Eisagwgh extends HttpServlet {
    private Connection con;
    private String error;
    public void init(ServletConfig config) throws ServletException {
    super.init(config);
    try{
    Class.forName("com.mysql.jdbc.Driver");
    con=DriverManager.getConnection("jdbc:mysql://localhost/schools?user=students&password=students");
    } catch(Exception e){
    error=e.getMessage();
    public void destroy() {
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
    response.setContentType("text/html;charset=ISO-8859-7");
    request.setCharacterEncoding("ISO-8859-7");
    PrintWriter out = response.getWriter();
    out.println("<html>");
    out.println("<head>");
    out.println("<title>Insert</title>");
    out.println("</head>");
    out.println("<body>");
    String nickname=request.getParameter("username");
    String kwdikos=request.getParameter("code");
    String onoma=request.getParameter("fname");
    String epitheto=request.getParameter("lname");
    String dieythinsh=request.getParameter("address");
    String thl=request.getParameter("telephone");
    int vathmoi=0;
    if(con!=null){
    try {
    Statement s=con.createStatement();
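    // request parameters are concatenated straight into the INSERT (injectable);
    // a PreparedStatement with ? placeholders would bind them as values
    int updateCount=s.executeUpdate("INSERT INTO users VALUES ('"+nickname+"','"+kwdikos+"','"+onoma+"','"+epitheto+"','"+dieythinsh+"','"+thl+"',"+vathmoi+");");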
    if(updateCount!=0){
    ***************I believe that is the check but is isn't work can you tell me where i get to work and make the check because now it doesn't work
    **************if (nickname==null||kwdikos==null||onoma==null||epitheto==null||dieythinsh==null||thl==null){
    out.println("&#928;&#961;&#941;&#960;&#949;&#953; &#957;&#945; &#963;&#965;&#956;&#960;&#955;&#951;&#961;&#974;&#963;&#949;&#953;&#962; &#972;&#955;&#945; &#964;&#945; &#960;&#949;&#948;&#943;&#945; &#947;&#953;&#945; &#945;&#965;&#964;&#972; &#960;&#945;&#964;&#942;&#963;&#964;&#949; <a href=\"Eisagwgh_Stoixeiwn.html\">&#949;&#948;&#974;</a>");***************I believe that is the check but is isn't work can you tell me where i get to work and make the check because now it doesn't work
    out.println("&#919; &#914;&#916; &#949;&#957;&#951;&#956;&#949;&#961;&#974;&#952;&#951;&#954;&#949; &#949;&#960;&#953;&#964;&#965;&#967;&#974;&#962;");
    }else{
    out.println("&#913;&#960;&#959;&#964;&#965;&#967;&#943;&#945; &#949;&#957;&#951;&#956;&#941;&#961;&#969;&#963;&#951;&#962;");
    out.println("<br>");
    out.println("&#917;&#960;&#953;&#964;&#965;&#967;&#942;&#962; &#949;&#953;&#963;&#945;&#947;&#969;&#947;&#942;");
    out.println("<br>");
    out.println("&#915;&#953;&#945; &#957;&#945; &#954;&#940;&#957;&#949;&#964;&#949; &#949;&#953;&#963;&#945;&#947;&#969;&#947;&#942; &#954;&#969;&#948;&#953;&#954;&#959;&#973; &#960;&#945;&#964;&#942;&#963;&#964;&#949; <a href=\"Eisagwgh_Kwdikou.html\">&#949;&#948;&#974;</a>");
    out.println("<br>");
    out.println("&#915;&#953;&#945; &#957;&#945; &#948;&#949;&#943;&#964;&#949; &#964;&#959;&#965;&#962; &#957;&#953;&#954;&#951;&#964;&#941;&#962; &#960;&#945;&#964;&#942;&#963;&#964;&#949; <a href=\"Emfanish_Dikaiouxwn.java\">&#949;&#948;&#974;</a>");
    } catch(Exception e){
    out.println("&#928;&#961;&#972;&#946;&#955;&#951;&#956;&#945; &#954;&#945;&#964;&#940; &#964;&#951;&#957; &#949;&#953;&#963;&#945;&#947;&#969;&#947;&#942; "+e.getMessage());
    } else{  
    out.println("&#928;&#961;&#972;&#946;&#955;&#951;&#956;&#945; &#954;&#945;&#964;&#940; &#964;&#951;&#957; &#963;&#973;&#957;&#948;&#949;&#963;&#951;"+error);
    out.println("<br>");
    out.println("<br>");
    out.println("<br>");
    out.println("<br>");
    out.println("</body>");
    out.println("</html>");
    out.close();
    /** Handles the HTTP <code>GET</code> method.
    * @param request servlet request
    * @param response servlet response
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
    processRequest(request, response);
    /** Handles the HTTP <code>POST</code> method.
    * @param request servlet request
    * @param response servlet response
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
    processRequest(request, response);
    /** Returns a short description of the servlet.
    public String getServletInfo() {
    return "Short description";
    }

  • Accessing servlets using login and goto

    Hi,
    I'm having a problem in accessing servlets without visiting the DesktopServlet. There is no problem if the servlet does not require a parameter, but if I try to pass a parameter to the servlet, it does not pass the parameter -
    Without visiting the DesktopServlet when I try to visit an servlet X , it gives me a session exception.
    Thrown SessionException : Invalid service host name.
    I use the following code to login and go to the servlet :
    String redirectTarget = "login?&goto=" + req.getRequestURI() + "&hotelComponent=" + hotelComponent;
    resp.sendRedirect(redirectTarget);
    Inside the doGet of the servlet, I now try to read the hotelComponent parameter -
    String hotelComponent = req.getParameter("hotelComponent");
    But now I get a null. I can not get the hotelComponent parameter. Any suggestions will be very helpful
    Thanks in advance
    Partha

    Thanks for the suggestions ! The original problem of not being able to pass parameters like -
    "login?&goto=" + req.getRequestURI + "?param=" + value"
    has been solved by encoding the URL string sent to resp.sendRedirect.
    However the suggestion you have given regarding setting of cookies in the browser might have a bearing on my actual problem. I'm trying to do away with the redirection to the login servlet in the DesktopServlet.
    Here is what I'm trying to do to make our website searchengine friendly - using WGET scrape the DesktopServlet and set it as the index.html. When somebody tries to access the links which are ordinary servlets, it gives a session exception. I catch the session exception and in the catch block use "login?&goto" to do a response.sendRedirect. This does a login and gets me the session.
    All the servlets work fine except for one which is identical to the ones working except for the fact it is a post from a form on the DesktopServlet. Here I get a HTTP 400 Bad Request error. I've noticed that when I clear the cache and try I get a better response.
    Any suggestion on how to overcome this ( possibly by setting cookies ) would be greatly appreciated.
    Thanks in advance

  • Form Authentication Servlet  and MD5

    Dear forum,
    I have the following servlet to authenticate a user via form. If you go to the root url you get the login html and the authentication works fine but if the user knows the url of a specific html just by typing the url gives access to the page without going through the authentication. The website is composed of htmls and servlets. How can I force the authentication for the htmls and the servlets. I included at the bottom how I added the Login servlet to the web.xml. I suspect that the servlet definition in the web.xml is the problem.
    Also I would like to use MD5 encryption, would someone suggest how this can be accomplished.
    Thanks.
    This is the code:
    import java.io.*;
    import java.util.*;
    import javax.servlet.http.*;
    import javax.servlet.*;
    import java.sql.*;
    import javax.sql.*;
    public class LoginServlet extends HttpServlet {
      public void doPost (
         HttpServletRequest     request,
         HttpServletResponse     response
        ) throws ServletException, IOException
      {
      String item = request.getParameter("account");
      doGet(request,response);
      }
      public void doGet (
         HttpServletRequest     request,
         HttpServletResponse     response
        ) throws ServletException, IOException
      {
       HttpSession session = request.getSession(true);
       PrintWriter out = response.getWriter();
         try {
              String driverName="sun.jdbc.odbc.JdbcOdbcDriver";
              String dbUrl="jdbc:odbc:Virtual_Library_DB";
              Class.forName(driverName);
              Connection db =DriverManager.getConnection(dbUrl,"","");
              // Ask for credentials when the session has no user yet or the client address changed
              if ((session.getAttribute("user") == null) || (!session.getAttribute("ip").equals(request.getRemoteAddr()))){
                   PreparedStatement pStmt = db.prepareStatement("SELECT * FROM Login WHERE Login.account =? AND Login.password=? ");
                   pStmt.setString(1, request.getParameter("account"));
                   pStmt.setString(2, request.getParameter("password"));
                   // The query has only two placeholders, so the "level" parameter is not bound as a third one
                   ResultSet rs = pStmt.executeQuery();
                   System.out.println("hello");
                   if(!rs.next()){
                        System.out.println("Account is not valid.");
                        request.setAttribute("msg", "Account is not valid.");
                        RequestDispatcher rd = request.getRequestDispatcher("LoginInvalid.html");
                        rd.forward(request, response);
                   }
                   else do {
                        int id = rs.getInt(1);
                        String account = rs.getString(2);
                        session.setAttribute("user", new Integer(id));
                        session.setAttribute("account", account);
                        session.setAttribute("ip", request.getRemoteAddr());
                        System.out.println("User " + session.getAttribute("user") +" has logged on.");
                        request.setAttribute("msg", "User has logged on.");
                        RequestDispatcher rd = request.getRequestDispatcher("index.html");
                        rd.forward(request, response);
                   } while(rs.next());
                   rs.close();
              }
              else {
                   System.out.println("User has already logged on.");
                   request.setAttribute("msg", "User has already logged on.");
                   RequestDispatcher rd = request.getRequestDispatcher("index.html");
                   rd.forward(request, response);
              }
              db.close();
         }
         catch(Exception exp){
              System.out.println("Exception: "+ exp);
         }
       out.close();
      }
    }
    web.xml
    <servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>LoginServlet</servlet-class>
      </servlet>
    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/LoginServlet</url-pattern>
      </servlet-mapping>

    Check the session in the servlets that are allowed only for logged-in users.
    public class ServletUtils
    {
        public static boolean checkLogin(HttpServletRequest request, HttpServletResponse response)
            throws IOException
        {
            HttpSession session = request.getSession(false); // false = don't create a new session if not logged in
            // LoginServlet creates a session before it checks the password, so also
            // require the "user" attribute that it sets only after a successful login
            if (session != null && session.getAttribute("user") != null)
                return true;
            Logging.log("tried to access page without login, redirecting to login");
            response.sendRedirect("login.html"); // redirect to login.html
            return false;
        }
    }
    // At the start of your doGet()'s:
    if (!ServletUtils.checkLogin(request, response))
        return;
    Do you really need static documents to be authenticated? dot.gif's and all? Someone can make a zip file of them anyway and post it to their own web site or Kazaa.
    If you have a couple of html pages you want authenticated, easiest is to write them as servlets (+ maybe JSP's) and do the login check there.
    Ok, let's say you have ...what, an "image database" (heh) that you want available to logged-in users only. Write a servlet that serves those pages. That servlet checks the session, and then copies the appropriate file to the user (remember to set content type; consider caching the files if hit rate is very high.) The servlet would be called like /images/show?id=gerbilsex/closeup.gif to fetch the named file. Put the files outside the web server's document directory so they are not accessible except through the servlet. Perform strict checks on the file name to disallow nastiness like id=../../../etc/passwd. A similar database solution is also possible. Another variant is to map a servlet to a "virtual directory name" and get the actual file name from the URL path -- similar to the ?id= solution, except the URLs don't have parameters.
    About md5: md5 isn't an encryption algorithm, it is a hash algorithm (aka "message digest" or "fingerprint"). It can't be decrypted. What do you really want to accomplish - encryption or hashing?
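The "strict checks on the file name" step from the answer above, as an added example that is not code from any poster. It assumes the protected files live in one directory outside the document root; the class name, the temporary directory and the `gallery/closeup.gif` sample file are constructed for the demonstration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: resolves a user-supplied id to a file strictly inside one base directory.
public class SafeFileResolver {

    private final Path baseDir;

    public SafeFileResolver(Path baseDir) throws IOException {
        // Canonical form of the base directory, with symlinks resolved
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns the real path of the requested file, or throws if the id leaves the base directory. */
    public Path resolve(String id) throws IOException {
        if (id == null || id.isEmpty() || id.indexOf('\0') >= 0 || id.indexOf('\\') >= 0) {
            throw new SecurityException("rejected id");
        }
        // normalize() collapses "." and ".."; an absolute id replaces baseDir entirely,
        // and the startsWith() check below rejects that case too
        Path candidate = baseDir.resolve(id).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("id escapes the base directory");
        }
        // toRealPath() follows symlinks, so a link pointing outside baseDir is caught here;
        // it throws NoSuchFileException when the file does not exist
        Path real = candidate.toRealPath();
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file inside the base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree: <tmp>/gallery/closeup.gif
        Path base = Files.createTempDirectory("protected-files");
        Files.createDirectories(base.resolve("gallery"));
        Files.write(base.resolve("gallery").resolve("closeup.gif"), new byte[] {'G', 'I', 'F'});

        SafeFileResolver resolver = new SafeFileResolver(base);
        String[] ids = {
            "gallery/closeup.gif",     // legitimate request
            "../../../etc/passwd",     // the traversal named in the answer
            "/etc/passwd",             // absolute path
            "gallery/../../outside",   // traversal hidden behind a valid prefix
            "gallery"                  // a directory, not a file
        };
        for (String id : ids) {
            try {
                System.out.println("OK       " + id + " -> " + resolver.resolve(id));
            } catch (SecurityException | IOException e) {
                System.out.println("REFUSED  " + id + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

A file-serving servlet would call `resolve()` only after the session check has passed, and would stream the returned path rather than the raw `id`.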

  • Session managing testing servlets

    I am running two 5.1 sp1 servers in a cluster using in-mem replication
              with a wl proxy server, all on NT boxes. I've written three servlets:
              Login, Logout, and Test2
              Login creates a new session if one isn't present. Logout kills the
              session if there is one present. Test2 tests for the existence of a
              session.
              -- I start the server and create a new session with the Login
              servlet.
              -- I test with Test2 servlet ( I get Test2: init) and it doesn't see
              the session I had just created.
              -- I reload Test2 and it recognizes the session OK.
              -- It recognizes the session with all subsequent calls to it as well.
              -- Killing the server and making the session failover to another
              server will make the Test2 servlet not see the session for the first
              time again (If that is the first time that the servlet is loaded on that
              particular server).
              Same happens with Logout servlet. It seems that when a servlet is
              initially loaded on a server it doesn't see sessions already present but
              it picks up that info on all subsequent loads. What can I do to make
              sure all my servlets see all the sessions all the time (otherwise this
              failover demo I'm doing is quite useless).
              Thanks, Timur
              

              Prasad Peddada wrote:
              > Timur Maltaric wrote:
              >
              > > Say I had two servers in the cluster to begin with. Sessions were created and killed as users logged on and off.
              > > One server dies suddenly and one is left operating in the cluster. Shouldn't this one that is operating be able to
              > > correctly handle any new sessions that will be created?
              >
              > Yes.
              >
              > From your earlier mail:
              >
              > The log attached to an earlier message shows that Login servlet starts a new session, and writes a cookie. Good.
              > Requesting Test2 doesn't read that cookie and returns session = null. Requesting Test2 again reads the cookie
              > correctly and gets the correct session information.
              >
              > From the log files:
              >
              > Tue May 30 10:17:42 EDT 2000:<D> <ServletContext-General> Found servlet for Virtual Path: '/Test2'
              > Tue May 30 10:17:42 EDT 2000:<I> <ServletContext-General> ServletRequestImpl: ServletPath: /Test2
              > Tue May 30 10:17:42 EDT 2000:<D> <ServletContext-General> Invoking servlet
              > Tue May 30 10:17:42 EDT 2000:<D> <ServletContext-General> Checking ACL: weblogic.servlet.Test2
              > Tue May 30 10:17:42 EDT 2000:<I> <ServletContext-General> Parsing cookies
              > Tue May 30 10:17:42 EDT 2000:<I> <ServletContext-General> ServletRequestImpl: Found cookie:
              > javax.servlet.http.Cookie@b8f4916
              > Tue May 30 10:17:42 EDT 2000:<I> <ServletContext-General> ServletRequestImpl: SessionID:
              > OTPNVO0XpIhya1eIDpzrNar9gwDuzpm198DEKR9ho5uhKqSfIOis7UdLQ0773aTGodGkgNoKH0A3|-5241978140997784602/168297227/6/7001/7001/7002/7002/7001/-1|NONE|-5241978140997784602
              > found in cookie
              > Tue May 30 10:17:42 EDT 2000:<I> <ServletContext-General> ServletRequestImpl: Trying to find session:
              > OTPNVO0XpIhya1eIDpzrNar9gwDuzpm198DEKR9ho5uhKqSfIOis7UdLQ0773aTGodGkgNoKH0A3|-5241978140997784602/168297227/6/7001/7001/7002/7002/7001/-1|NONE|-5241978140997784602
              >
              > Contrary to what you said the weblogic server is reading your session. All the requests are in the same session.
              The first time (notice time) that the request is made for Test2 weblogic server is NOT reading the session info. Second request for Test2 (one you quoted) is OK.
              Why?:
              Tue May 30 10:17:13 EDT 2000:<D> <ServletContext-General> Found servlet for Virtual Path: '/Test2'
              Tue May 30 10:17:13 EDT 2000:<I> <ServletContext-General> ServletRequestImpl: ServletPath: /Test2
              Tue May 30 10:17:13 EDT 2000:<D> <ServletContext-General> Invoking servlet
              Tue May 30 10:17:13 EDT 2000:<D> <ServletContext-General> Checking ACL: weblogic.servlet.Test2
              Tue May 30 10:17:13 EDT 2000:<I> <ServletContext-General> Parsing cookies
              Tue May 30 10:17:13 EDT 2000:<I> <ServletContext-General> ServletRequestImpl: Get query parameter: WebLogicSession found value: null
              Tue May 30 10:17:13 EDT 2000:<I> <ServletContext-General> ServletRequestImpl: SessionID not found
              Tue May 30 10:17:13 EDT 2000:<I> <ServletContext-General> Test2: init
              >
              > Contact support if you have a reproducible test case and we will go from there.
              I am contacting support.
              >
              >
              > I don't think it matters how many servers are in the cluster because none are really failing. Correct me if I'm wrong.
              >
              > True.
              >
              > - Prasad
              >
              > >
              > > Timur
              > >
              > > Prasad Peddada wrote:
              > >
              > > > If you have only one server in the cluster how do you expect it to failover and retrieve your session
              > > > information.
              > > >
              > > > - Prasad
              > > >
              > > > Timur Maltaric wrote:
              > > >
              > > > > There was only one server running in the cluster when these requests were made. That shouldn't be a problem
              > > > > though.
              > > > >
              > > > > Timur
              > > > >
              > > > > Prasad Peddada wrote:
              > > > >
              > > > > > The same cookie is being sent five times as you can see. Are you sure your clustering is
              > > > > > working. I don't think the servers are recognizing each other. Do you have two servers
              > > > > > running when you made these requests.
              > > > > >
              > > > > > C:\TEMP>grep
              > > > > > "OTPNVO0XpIhya1eIDpzrNar9gwDuzpm198DEKR9ho5uhKqSfIOis7UdLQ0773aTGodGkgNoKH0A3|-5241978140997784602/16829722
              > > > > >
              > > > > > 7/6/7001/7001/7002/7002/7001/-1|NONE|-5241978140997784602" weblogic.log | wc -l
              > > > > > 5
              > > > > >
              > > > > > - Prasad
              > > > > >
              > > > > > Timur Maltaric wrote:
              > > > > >
              > > > > > > Here is a snippet from the log. Test2 doesn't receive the cookie on first load but
              > > > > > > receives it thereafter.
              > > > > > >
              > > > > > > Timur
              > > > > > >
              > > > > > > Prasad Peddada wrote:
              > > > > > >
              > > > > > > > I don't think domain property applies to your case. Did you try turn on the
              > > > > > > > debugging and did you notice anything wrong. When you requested Login, you should
              > > > > > > > have got a cookie that should have been passed back when you requested Test2. Do
              > > > > > > > you see that in log?
              > > > > > > >
              > > > > > > > - Prasad
              > > > > > > >
              > > > > > > > Description about domains:
              > > > > > > >
              > > > > > > > When searching the cookie list for valid cookies, a comparison of the domain
              > > > > > > > attributes of the cookie is made
              > > > > > > > with the Internet domain name of the host from which the URL will be fetched.
              > > > > > > > If there is a tail match, then
              > > > > > > > the cookie will go through path matching to see if it should be sent. "Tail
              > > > > > > > matching" means that domain
              > > > > > > > attribute is matched against the tail of the fully qualified domain name of
              > > > > > > > the host. A domain attribute of
              > > > > > > > "acme.com" would match host names "anvil.acme.com" as well as
              > > > > > > > "shipping.crate.acme.com".
              > > > > > > >
              > > > > > > > Only hosts within the specified domain can set a cookie for a domain and
              > > > > > > > domains must have at least two (2)
              > > > > > > > or three (3) periods in them to prevent domains of the form: ".com", ".edu",
              > > > > > > > and "va.us". Any domain that fails
              > > > > > > > within one of the seven special top level domains listed below only require
              > > > > > > > two periods. Any other domain
              > > > > > > > requires at least three. The seven special top level domains are: "COM",
              > > > > > > > "EDU", "NET", "ORG", "GOV", "MIL", and
              > > > > > > > "INT".
              > > > > > > >
              > > > > > > > The default value of domain is the host name of the server which generated
              > > > > > > > the cookie response.
              > > > > > > >
              > > > > > > > Timur Maltaric wrote:
              > > > > > > >
              > > > > > > > > weblogic.httpd.session.cookie.domain
              > > > > > > > >
              > > > > > > > > what does this do? What should I set it to?
              > > > > > > > >
              > > > > > > > > Prasad Peddada wrote:
              > > > > > > > >
              > > > > > > > > > Turn on the weblogic.debug.httpd=true and see if the clusters are receiving
              > > > > > > > > > cookies or not and try with IE as well.
              > > > > > > > > >
              > > > > > > > > > Try setting this property on the weblogic servers in the backend and see if
              > > > > > > > > > it helps.
              > > > > > > > > >
              > > > > > > > > > weblogic.httpd.session.cookie.domain
              > > > > > > > > >
              > > > > > > > > > - Prasad
              > > > > > > > > >
              > > > > > > > > > Timur Maltaric wrote:
              > > > > > > > > >
              > > > > > > > > > > I am running two 5.1 sp1 servers in a cluster using in-mem replication
              > > > > > > > > > > with a wl proxy server, all on NT boxes. I've written three servlets:
              > > > > > > > > > > Login, Logout, and Test2
              > > > > > > > > > > Login creates a new session if one isn't present. Logout kills the
              > > > > > > > > > > session if there is one present. Test2 tests for the existence of a
              > > > > > > > > > > session.
              > > > > > > > > > >
              > > > > > > > > > > -- I start the server and create a new session with the Login
              > > > > > > > > > > servlet.
              > > > > > > > > > > -- I test with Test2 servlet ( I get Test2: init) and it doesn't see
              > > > > > > > > > > the session I had just created.
              > > > > > > > > > > -- I reload Test2 and it recognizes the session OK.
              > > > > > > > > > > -- It recognizes the session with all subsequent calls to it as well.
              > > > > > > > > > >
              > > > > > > > > > > -- Killing the server and making the session failover to another
              > > > > > > > > > > server will make the Test2 servlet not see the session for the first
              > > > > > > > > > > time again (If that is the first time that the servlet is loaded on that
              > > > > > > > > > > particular server).
              > > > > > > > > > >
              > > > > > > > > > > Same happens with Logout servlet. It seems that when a servlet is
              > > > > > > > > > > initially loaded on a server it doesn't see sessions already present but
              > > > > > > > > > > it picks up that info on all subsequent loads. What can I do to make
              > > > > > > > > > > sure all my servlets see all the sessions all the time (otherwise this
              > > > > > > > > > > failover demo I'm doing is quite useless).
              > > > > > > > > > >
              > > > > > > > > > > Thanks, Timur
              > > > > > > > > >
              > > > > > > > > > --
              > > > > > > > > > Cheers
              > > > > > > > > >
              > > > > > > > > > - Prasad
              > > > > > > >
              > > > > > > > --
              > > > > > > > Cheers
              > > > > > > >
              > > > > > > > - Prasad
              > > > > > >
              > > > > > > ------------------------------------------------------------------------
              > > > > > > Name: weblogic.log
              > > > > > > weblogic.log Type: Text Document (application/x-unknown-content-type-txtfile)
              > > > > > > Encoding: base64
              > > > > >
              > > > > > --
              > > > > > Cheers
              > > > > >
              > > > > > - Prasad
              

  • Getting Error: javax.servlet.ServletException: Cannot find ActionMappings o

    type Exception report
    message
    description The server encountered an internal error () that prevented it from fulfilling this request.
    exception
    javax.servlet.ServletException: Cannot find ActionMappings or ActionFormBeans collection
         org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:848)
         org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:781)
         org.apache.jsp.index_jsp._jspService(org.apache.jsp.index_jsp:88)
         org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
         javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
         org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
         org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:291)
         org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
         javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    root cause
    javax.servlet.jsp.JspException: Cannot find ActionMappings or ActionFormBeans collection
         org.apache.struts.taglib.html.FormTag.lookup(FormTag.java:711)
         org.apache.struts.taglib.html.FormTag.doStartTag(FormTag.java:419)
         org.apache.jsp.index_jsp._jspx_meth_html_form_0(org.apache.jsp.index_jsp:139)
         org.apache.jsp.index_jsp._jspx_meth_html_html_0(org.apache.jsp.index_jsp:114)
         org.apache.jsp.index_jsp._jspService(org.apache.jsp.index_jsp:81)
         org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
         javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
         org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
         org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:291)
         org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
         javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    note The full stack trace of the root cause is available in the Apache Tomcat/5.5.9 logs.
    This is my web.xml file
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app     PUBLIC "-//SUN Microsystem, //"
         "http://java.sun.com/j2ee/dtds/web-app_2.2/dtd">
    <web-app>
         <!--Action Servlet Configuration -->
         <servlet>
              <servlet-name>action</servlet-name>
              <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
              <!-- Resource Bundle base class -->
              <init-param>
                   <param-name>application</param-name>
                   <param-value>ApplicationResources</param-value>
              </init-param>
              <!-- Context Relative Path to the XML resource containing Struts Configuration -->
              <init-param>
                   <param-name>config</param-name>
                   <param-value>/WEB-INF/struts-config.xml</param-value>
              </init-param>
              <!-- The Debugging detail level for this servlet, which controls how much information -->
              <init-param>
                   <param-name>debug</param-name>
                   <param-value>2</param-value>
              </init-param>
              <load-on-startup>2</load-on-startup>
         </servlet>
         <!-- Action Servlet Mapping -->
         <servlet-mapping>
              <servlet-name>action</servlet-name>
              <url-pattern>*.do</url-pattern>
         </servlet-mapping>
         <!-- The welcome File List -->
         <welcome-file-list>
              <welcome-file>index.jsp</welcome-file>
         </welcome-file-list>
         <!-- Application Tag Library Descriptor -->
         <taglib>
              <taglib-uri>/WEB-INF/app.tld</taglib-uri>
              <taglib-location>/WEB-INF/app.tld</taglib-location>
         </taglib>
         <!-- Struts Tag Lib Descriptors -->
         <taglib>
              <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
              <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
         </taglib>     
         <taglib>
              <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
              <taglib-location>/WEB-INF/struts-html.tld</taglib-location>
         </taglib>     
         <taglib>
              <taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
              <taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
         </taglib>
    </web-app>
    ==================================================================================================================
    This is my Struts-config.xml file
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE struts-config     PUBLIC "-//SUN Microsystem, //"
         "http://java.sun.com/j2ee/dtds/struts-config_1_0/dtd">
    <struts-config>
         <form-beans>
              <!-- Logon Form Bean -->
              <form-bean name="loginForm"     type="LoginForm" />
         </form-beans>
         <global-forwards>
              <forward name="mainmenu"      path="/mainmenu.jsp" />
         </global-forwards>
         <action-mappings>
              <!-- Process a user logon -->
              <action      path="/login"     type="LoginAction"     
                        name="loginForm"     scope="session"          input="/index.jsp">
              </action>
         </action-mappings>
         </struts-config>
    ==================================================================================================================
    This is my LoginForm.java file
    package src;
    import org.apache.struts.action.ActionForm;
    public class LoginForm extends ActionForm {
         private String login;
         private String password;
         public String getLogin() {
              return login;
         }
         public void setLogin(String login) {
              this.login = login;
         }
         public String getPassword() {
              return password;
         }
         public void setPassword(String password) {
              this.password = password;
         }
    }
    ==================================================================================================================
    This is my LoginAction.java file
    package src;
    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import org.apache.struts.action.*;
    import org.apache.struts.action.Action;
    public class LoginAction extends Action {
         public ActionForward execute( ActionMapping mapping, ActionForm form,
                   HttpServletRequest request, HttpServletResponse response)
                   throws IOException, ServletException
         {
              return (mapping.findForward("mainmenu"));
         }
    }
    ==================================================================================================================
    This is my index.jsp file
    <%@ page language ="java" %>
    <%@ taglib uri ="/WEB-INF/struts-bean.tld" prefix="bean" %>
    <%@ taglib uri ="/WEB-INF/struts-html.tld" prefix="html" %>
    <%@ taglib uri ="/WEB-INF/struts-logic.tld" prefix="logic" %>
    <html:html>
    <head>
         <title> My First Struts Application! </title>
    </head>
    <body>
         <html:form action="/login">
              LOGIN : <html:text property="login" />
              PASSWORD : <html:password property="password" />
              <html:submit> Login </html:submit>
              <html:reset> Reset </html:reset>
         </html:form>
    </body>
    </html:html>
    ==================================================================================================================
    and finally This is my mainmenu.jsp file
    <%@ page language="java" %>
    <%@ taglib uri="/WEB-INF/struts-bean.tld"      prefix="bean" %>
    <%@ taglib uri="/WEB-INF/struts-html.tld"      prefix="html" %>
    <%@ taglib uri="/WEB-INF/struts-logic.tld"      prefix="logic" %>
    <html:html>
    <head>
         <title>Main Menu</title>
    </head>
    <body>
         This is the MainMenu !
    </body>
    </html:html>
    ==================================================================================================================
    Kindly solve my problem........
    try to run on your machine...........
    I am using Tomcat 5.5.9 and my Project name is MyAppli

    Hey guys,
    Even I was frustrated for a long time with all the Struts errors for which Google returned loads of results but no particular solutions. All these solutions were based on hit and trial and only work in some cases. Let me tell you that Struts (and most other frameworks) have a general approach to consume the actual error message and throw an exception which is light years away from the actual cause. So what's the solution?
    Enable logging.... LOG4J to be precise...
    ...and see that it (log4j) is configured properly. You will see the actual cause there and not on the consoles of your servers (whichever you use).
    In my case, it was a host not found exception in the logs because I was sitting behind a firewall and the validator could not locate struts.apache.org
    (Wish this thread had some duke dollars)
    Regards,
    The Correspondent
    http://www.araneidae.org

  • Problem with post and get (jsp to servlet)

    ===jsp code(login.jsp)
    out.println("<form action='servlet/Login' action='post'>");
    out.println("Username <input type='text' name='user' /><br>");
    out.println("Password <input type='password' name='pass' /><br>");
    out.println("<input type='submit' value='Login' /><br></form>");
    the above jsp page is included in another jsp page
    ===jsp code(index.jsp)
    <jsp:include page='login.jsp' flush='true'/>
    when submit is clicked in the login form, the data is sent (to Login servlet) in the url string, even though I am using "POST" method in the form.
    the output of request.getMethod() in the Login servlet gives "GET"
    what could be the problem?

    The code you've shown us looks fine. The problem isn't in the form code you've listed. Is the form being included inside another form on index.jsp? Does index.jsp have any forms of its own? Perhaps you aren't submitting the form you think you are submitting. Or, are you redirecting in your servlet somewhere? Or are you forwarding the request somehow?
    I agree with the previous post - we need to see the HTML output that index.jsp results in.
    Michael
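An added check, not code from any poster in this thread: the `<form>` tag printed by login.jsp carries `action` twice and no `method` attribute, and a form without a `method` of `post` is submitted with GET, which puts `user` and `pass` in the URL. The class below (hypothetical names, regex-based and meant for simple markup like the posted lines) reports the method a browser will use and flags password forms that submit in the URL.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example; class and method names are hypothetical.
public class FormMethodCheck {

    private static final Pattern FORM_TAG =
            Pattern.compile("<form\\b([^>]*)>", Pattern.CASE_INSENSITIVE);
    private static final Pattern ATTRIBUTE = Pattern.compile(
            "([A-Za-z][A-Za-z0-9-]*)\\s*=\\s*(?:'([^']*)'|\"([^\"]*)\"|([^\\s'\">]+))");
    private static final Pattern PASSWORD_INPUT = Pattern.compile(
            "<input\\b[^>]*\\btype\\s*=\\s*['\"]?password", Pattern.CASE_INSENSITIVE);

    /** Attributes of a start tag; as in browsers, the first occurrence of a repeated name wins. */
    static Map<String, String> attributes(String attributeText) {
        Map<String, String> attrs = new LinkedHashMap<>();
        Matcher m = ATTRIBUTE.matcher(attributeText);
        while (m.find()) {
            String value = m.group(2) != null ? m.group(2)
                         : m.group(3) != null ? m.group(3)
                         : m.group(4);
            attrs.putIfAbsent(m.group(1).toLowerCase(), value);
        }
        return attrs;
    }

    /** Method used to submit the first form in the markup; anything other than "post" is treated as GET. */
    static String effectiveMethod(String html) {
        Matcher m = FORM_TAG.matcher(html);
        if (!m.find()) {
            throw new IllegalArgumentException("no <form> start tag found");
        }
        String method = attributes(m.group(1)).get("method");
        return "post".equalsIgnoreCase(method) ? "POST" : "GET";
    }

    /** True when the form contains a password input and will be submitted in the query string. */
    static boolean sendsPasswordInUrl(String html) {
        return PASSWORD_INPUT.matcher(html).find() && "GET".equals(effectiveMethod(html));
    }

    public static void main(String[] args) {
        // The markup printed by the posted login.jsp
        String posted = "<form action='servlet/Login' action='post'>"
                + "Username <input type='text' name='user' /><br>"
                + "Password <input type='password' name='pass' /><br>"
                + "<input type='submit' value='Login' /><br></form>";
        // Same form with the second attribute renamed to method
        String corrected = posted.replace("action='post'", "method='post'");

        System.out.println("posted:    method=" + effectiveMethod(posted)
                + " passwordInUrl=" + sendsPasswordInUrl(posted));
        System.out.println("corrected: method=" + effectiveMethod(corrected)
                + " passwordInUrl=" + sendsPasswordInUrl(corrected));
    }
}
```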
