Hi there,

I have a webapp with form-based authentication. On the login page, I have placed a link to a public registration form. The registration adds a user in the database that is used for authentication.

Now, is it possible to do an automatic login as the new user after the registration is complete, without returning to the login page?

UPDATE

More info, as requested:

DataSource in $CATALINA_BASE/conf/server.xml:

...
    <GlobalNamingResources>
...
        <Resource auth="Container" type="javax.sql.DataSource" name="jdbc/gporder"
                  driverClassName="com.mysql.jdbc.Driver"
                  url="jdbc:mysql://localhost/gporder"
                  maxActive="100" maxIdle="30" maxWait="10000"
                  username="xxx" password="yyy"/>
...
    </GlobalNamingResources>
...

Resource links and realm in $MYWAR/META-INF/context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/gporder">
    <ResourceLink global="jdbc/gporder" name="jdbc/gporder"
            type="javax.sql.DataSource"/>
    <Realm className="org.apache.catalina.realm.DataSourceRealm" 
            dataSourceName="jdbc/gporder" debug="99" localDataSource="true"
            digest="MD5" roleNameCol="role" userCredCol="password_hash"
            userNameCol="username" userRoleTable="rolemap" userTable="users"/>
</Context>

What else? There is a JSP with the HTML registration form, and a servlet that handles the POST when the form is submitted. They are both too long to be pasted here, but the servlet builds a new user and saves it in the database (via Hibernate).

After that, a redirect is done on an initial page, which causes Tomcat to redirect to the login page instead. So my question is: is there a way to use the username and password entered in the registration form to force a login, and avoid further redirects on the login page?

I would like to avoid relying on Tomcat's internal classes.

+1  A: 

Like said; to give you a sensible suggestion you don't give a lot of information.

I would do it like this:

  • Enter info in database (registration)
  • Perform the same actions that occur after a user clicked 'login'
  • Redirect to the same page as you would after a user is logged in
Rick de Graaf
Yes. The problem is that the 'actions that occur after a user clicked 'login'' are controlled by Tomcat, not by the application. I would like to avoid using Tomcat's internal classes.
Maurice Perry
After a login, what is created to verify on a page if a user is logged in? Create that with the info from the registration form. The redirect should pass.
Rick de Graaf
A: 

Did you find a solution to this?

I have two ideas. Either create a new HttpSession and try and put the user into the session. Or pass the username and password to the login page with HTTP variables and use JavaScript to auto submit the form.

Kris
I did (at last), but the registration must be included in the login scenario.
Maurice Perry
A: 

Here is a possible solution: the registration must be included in the login procedure.

A link to the registration form is included in the login form, though the two forms could also share the same page. Here is the code for login.jsp:

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Authentication</title>
    </head>
    <body>
        <h1>Authentication</h1>
        <p>Please enter your username and password below, then click on the
            'Login' button</p>
        <form action="j_security_check" method="POST">
            <dl>
                <dt><label for="j_username">Username: </label></dt>
                <dd><input type="text" id="j_username" name="j_username"></dd>
                <dt><label for="j_password">Password: </label></dt>
                <dd><input type="password" id="j_password" name="j_password"></dd>
                <dd><input type="submit" name="login" value="Login"></dd>
            </dl>
        </form>
        <p>If you don't own an account yet, and would like to register,
            <a href="register.jsp">please click here</a></p>
    </body>
</html>

Here is the registration form, register.jsp:

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Registration</title>
    </head>
    <body>
        <h1>Registration</h1>
        <p>Please fill in the form below, then click on the 'Register'
            button</p>
        <form action="register" method="post">
            <dl>
                <dt><label for="username">Username: </label></dt>
                <dd><input type="text" id="username" name="username"></dd>
                <dt><label for="password">Password: </label></dt>
                <dd><input type="password" id="password" name="password"></dd>
                <dt><label for="verification">Verification: </label></dt>
                <dd><input type="password" id="verification" name="verification"></dd>
                <dt><label for="firstname">First name: </label></dt>
                <dd><input type="text" id="firstname" name="firstname"></dd>
                <dt><label for="lastname">Last name: </label></dt>
                <dd><input type="text" id="lastname" name="lastname"></dd>
                <dt><label for="email">E-mail address: </label></dt>
                <dd><input type="text" id="email" name="email"></dd>
                <dd><input type="submit" name="register" value="Register"></dd>
            </dl>
        </form>
    </body>
</html>

Upon submission, the registration fields are posted to a servlet that creates a new user in the database, and then redirects to /j_security_check:

String username = request.getParameter("username");
String password = request.getParameter("password");
User user = new User();
user.setUsername(username);
user.setPassword(password);
user.setFirstName(request.getParameter("firstname"));
user.setLastName(request.getParameter("lastname"));
user.setEmail(request.getParameter("email"));

// ... register the user, then if everything is OK, do:

String url = request.getContextPath() + "/j_security_check";
response.sendRedirect(url + "?j_username="
        + URLEncoder.encode(username, "UTF-8")
        + "&j_password="
        + URLEncoder.encode(password, "UTF-8"));
Maurice Perry
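
Added example, not part of the original answer: a redirect to j_security_check with j_password in the query string leaves the password in access logs and browser history, so this sketch logs the new user in through the standard Servlet 3.0 `HttpServletRequest.login()` call instead, which is not a Tomcat-internal class. The `createUser` hook, the `error` parameter and the `/index.jsp` landing page are assumptions; the form field names are those of register.jsp above.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: registration followed by a programmatic container login. */
public abstract class AutoLoginRegisterServlet extends HttpServlet {

    /** Hypothetical hook for the persistence step elided on the page; false = not created. */
    protected abstract boolean createUser(String username, String password,
                                          HttpServletRequest form);

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String verification = request.getParameter("verification");
        String ctx = request.getContextPath();

        // Validate before touching the database; the error parameter is hypothetical.
        if (username == null || username.isEmpty()
                || password == null || password.isEmpty()
                || !password.equals(verification)
                || !createUser(username, password, request)) {
            response.sendRedirect(ctx + "/register.jsp?error=1");
            return;
        }

        // Assumption: create the session first so the container has somewhere
        // to cache the authenticated principal across the redirect.
        request.getSession(true);
        try {
            // Servlet 3.0: authenticates against the realm configured for the webapp.
            request.login(username, password);
            // Servlet 3.1: new session ID after authentication (session fixation defence).
            request.changeSessionId();
        } catch (ServletException e) {
            // Login refused: the redirect below lands on the normal login form.
            log("auto-login after registration failed for new account", e);
        }
        // Hypothetical protected landing page; the password never enters a URL.
        response.sendRedirect(ctx + "/index.jsp");
    }
}
```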