tags:

views:

322

answers:

2
+1  Q: 

HttpServletRequest#login() not working in Java.

j_security_check just doesn't seem enough for me to perform login process. So, instead of submitting the form to j_security_check i created my own servlet and in that i am programmatically trying to do login. This works but i am not able to redirect to my restricted resource. Can anybody tell me what can be the problem? This is processRequest method of my servlet :-

protected void processRequest(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        try {
            String strUsername = request.getParameter("txtusername");
            String strPassword = request.getParameter("txtpassword");
            if(strUsername == null || strPassword == null || strUsername.equals("") || strPassword.equals(""))
                throw new Exception("Username and/or password missing.");
            request.login(strUsername, strPassword);
            System.out.println("Login succeeded!!");

            if(request.isUserInRole(ROLES.ADMIN.getValue())){//enum
                System.out.println("Found in Admin Role");
                response.sendRedirect("/app/Admin/home.jsf");

            }
            else if (request.isUserInRole(ROLES.GENERAL.getValue()))
                response.sendRedirect("/app/Common/index.jsf");
            else //guard
                throw new Exception("No role for user " + request.getRemoteUser());


        }catch(Exception ex){
            //patch work why there needs to be blogger here?
            System.out.println("Invalid username and/or password!!");
            response.sendRedirect("/app/Common/index.jsf");
        }finally {
            out.close();
        }
    }

Everything works fine and i can even see message "Found in Admin Role" but problem is even after authenticating i am not able to redirect my request to some other page.

A: 

Remove those lines, they doesn't belong there:

    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();

and

        out.close();

If you close the OutputStream, the redirect cannot be taken place. You should in fact have seen an IllegalStateException: Response already committed in the server logs.

BalusC  2010-03-20 12:37:52
Hi BalusC,Removing those three lines doesn't help still. It still doesn't redirect me. Here is what i get in Glassfish Admin Console :-FINE: [Web-Security] Checking Web Permission with Principals : nitesh, AdminFINE: [Web-Security] Web Permission = (javax.security.jacc.WebRoleRefPermission AuthenticationCheck Admin)FINE: [Web-Security] hasRoleRef perm: (javax.security.jacc.WebRoleRefPermission AuthenticationCheck Admin)FINE: [Web-Security] hasRoleRef isGranted: trueINFO: Found in Admin Role
Ankit Rathod  2010-03-20 14:07:16
FINE: SecurityContext: setCurrentSecurityContext method calledFINE: [Web-Security] Policy Context ID was: Blogger/BloggerFINE: [Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /Admin/home.xhtml GET)FINE: [Web-Security] hasUserDataPermission isGranted: trueFINE: [Web-Security] Policy Context ID was: Blogger/BloggerFINE: [Web-Security] Generating a protection domain for Permission check.FINE: [Web-Security] Codesource with Web URL: file:/Blogger/BloggerFINE: [Web-Security] Checking Web Permission with Principals : null
Ankit Rathod  2010-03-20 14:07:53
FINE: [Web-Security] Web Permission = (javax.security.jacc.WebResourcePermission /Admin/home.xhtml GET)FINE: [Web-Security] hasResource isGranted: falseFINE: [Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /Admin/home.xhtml GET)FINE: [Web-Security] Policy Context ID was: Blogger/BloggerFINE: [Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /Common/index.jsf GET)FINE: [Web-Security] hasUserDataPermission isGranted: truePlease help me BalusC!!
Ankit Rathod  2010-03-20 14:08:29
What exactly happens instead of the redirect? Isn't there some filter blocking/changing the request?
BalusC  2010-03-20 16:41:18
No BalusC,There are no filters. The same form when i submit to j_security_check works great. But for HttpServletRequest#login it doens't.I just have normal constraints(in login config) in web.xml and configured it to have form based login. Besides that, there are no filters or anything. Am i doing right? Can HttpServletRequest#login actually replace j_security_check? If so, then why is it not working? Any idea?
Ankit Rathod  2010-03-21 02:09:07
Please have a look at the log above and specially this line in 2nd comment :Checking Web Permission with Principals : nullOnce i get princpial with nitesh,Admin why does it again become null?I am just guessing that may be HttpServletRequest#login is only for a particular request? and not for complete session. That's why once the principal becomes nitesh,Admin and then when i redirect the principals are found to be null and so it throws me to login page again.
Ankit Rathod  2010-03-21 02:14:03
+1  A: 

i am not sure but i think this issue is the subject of

https://glassfish.dev.java.net/issues/show_bug.cgi?id=11340

rahul_d_m  2010-03-23 05:20:00
if you are using glassfish you can try com.sun.appserv.security.ProgrammaticLogin to do the login process(available in security.jar in <GF-DOMAIN-DIR>/modules directory)
rahul_d_m  2010-03-23 09:13:54

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java