0

I will keep it simple: I have a simple website with two JSP pages, Main.jsp and Form.jsp, and a servlet for each.

In Main.jsp the user will enter a username and password, which I will compare against data stored in SQL; if the data match I redirect the user to Form.jsp, if not I reload Main.jsp.

That's great and all, until I realized that anyone can type the URL of Form.jsp and access the page, skipping the first authentication page.

I am new to web development. What is the solution for this? Is there some sort of session manager?

Not only do I want to control access to Form.jsp, but I also want to know which user filled the form, instead of letting any random user with a URL to the form fill it (since Form.jsp directly updates an SQL table, I want to store the username of whoever updated the table alongside the data).

BalusC

3 Answers

0

You can use filters for this task.

http://www.journaldev.com/1933/java-servlet-filter-example-tutorial

0

After authenticating, you probably need to store in the user's session some kind of token indicating that the user was correctly authenticated, e.g. a UserId. Then for all other requests it should be checked whether this token is present. If it's not present, you need to redirect the user to the login page. You could probably do the authentication check in a ServletFilter.

Dev Blanked
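
The session check described in the answer above, written out as a servlet filter mapped to `/*`. This is an added example, not code from any of the posters; the class name `LoginFilter`, the session attribute `user` and the login servlet path `/login` are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: blocks every request that has no authenticated session,
// except the login page and its servlet. The names "user", /Main.jsp and
// /login are assumptions; adjust them to the application's real paths.
public class LoginFilter implements Filter {
    static final String USER_ATTR = "user";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getServletPath() is decoded and carries no ";jsessionid" suffix.
        String path = request.getServletPath();
        boolean isPublic = path.equals("/Main.jsp") || path.equals("/login");

        // getSession(false): never create a session just to check for one.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        if (loggedIn || isPublic) {
            // Keep pages out of browser and proxy caches after logout.
            response.setHeader("Cache-Control", "no-store");
            chain.doFilter(request, response);
        } else {
            response.sendRedirect(request.getContextPath() + "/Main.jsp");
        }
    }
}

// In the login servlet, after the password check succeeds (assumed code):
//   HttpSession s = request.getSession();
//   request.changeSessionId();   // Servlet 3.1+, prevents session fixation
//   s.setAttribute(LoginFilter.USER_ATTR, username);
// In the Form servlet, take the username from the session, never from a
// request parameter, and store it alongside the row being updated:
//   String user = (String) request.getSession(false).getAttribute(LoginFilter.USER_ATTR);
```

Because anything that is not an exact match for a public path requires a session, stylesheets and images used by the login page would also need to be added to the public list.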
0

Add a filter entry in web.xml:

```xml
<filter>
    <filter-name>ValidationFilter</filter-name>
    <filter-class>ValidationFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>ValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

and add this class to your project:

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
public class ValidationFilter implements Filter {
    public void init(FilterConfig config) {}
    public void destroy() {}
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        chain.doFilter(new ValidatingHttpRequest((HttpServletRequest) request), response); // wrapper class, not shown here
    }
}
```

Customize as per your requirement.

Dipak Kumar