Single sign-on for all my struts2 applications in tomcat
I am creating several applications using struts2 and deploying them to tomcat7. The users of all applications are the same. So I only solve their authentication once. I use cookies for this.
Not sure if this is the easiest and best way. but still trying with it.
However, I cannot achieve this for a single application.
Login.jsp
<s:form action="login">
<table>
<tr><s:textfield name="username" placeholder="Username"></s:textfield></tr>
<tr><s:password name="userpass" placeholder="Password"></s:password></tr>
<tr>
<td colspan="2" align="center"><input type="submit" class="button" value="Submit" /></td>
</tr></table>
</s:form>
Entrance and exit()
@SuppressWarnings({ "unchecked", "rawtypes" })
public String login() {
int count = 0;
try {
Connection con = getConnection();
PreparedStatement ps = con
.prepareStatement("select COUNT(*) AS rowcount from users where username=? and password=? and its='1'");
ps.setString(1, username);
ps.setString(2, userpass);
ResultSet rs = ps.executeQuery();
rs.next();
count = rs.getInt("rowcount");
rs.close();
} catch (Exception e) {
System.out.println("Unable to login - " + e.getMessage());
}
if (count == 1) {
Map session = ActionContext.getContext().getSession();
session.put("login", "true");
session.put("user", username);
// Save to cookie
Cookie user = new Cookie("user", username);
user.setPath("/");
servletResponse.addCookie(user);
return "success";
} else {
setError("Invalid login. Try again.");
return "error";
}
}
@SuppressWarnings("rawtypes")
public String logout() {
Map session = ActionContext.getContext().getSession();
session.remove("login");
session.remove("user");
Cookie user = new Cookie("user", "");
user.setPath("/");
servletResponse.addCookie(user);
return "success";
}
LoginCheck.jsp
<%
String user = null;
for(Cookie c : request.getCookies()) {
if (c.getName().equals("user")){
user = c.getValue();
}
}
if(user == null){
out.println("user : "+user);
session.setAttribute("login", "false");
response.sendRedirect("login.jsp");
}
else{
out.println("user : "+user);
session.setAttribute("login", "true");
session.setAttribute("user", user);
}
%>
This code logs me correctly and cookies are set, but even when the user is not logged in, their home page is displayed instead of the login page.
+3
source to share
2 answers
Few things you will need to do to fix the above problem.
- install
cookie.setMaxAge(0)
on logout. This will delete the cookie on logout. - put a null check on the cookie. If it exists, the logged in user and other applications can use this cookie to log in directly with the custom string in the cookie
+4
source to share
Thanks to @SumeetSharma. Working code
Entrance and exit()
public String login() {
int count = 0;
try {
Connection con = getConnection();
PreparedStatement ps = con
.prepareStatement("select COUNT(*) AS rowcount from users where username=? and password=? and its='1'");
ps.setString(1, username);
ps.setString(2, userpass);
ResultSet rs = ps.executeQuery();
rs.next();
count = rs.getInt("rowcount");
rs.close();
} catch (Exception e) {
System.out.println("Unable to login - " + e.getMessage());
}
if (count == 1) {
Map session = ActionContext.getContext().getSession();
session.put("login", "true");
session.put("user", username);
// Save to cookie
Cookie user = new Cookie("user", username);
user.setPath("/");
servletResponse.addCookie(user);
return "success";
} else {
setError("Invalid login. Try again.");
return "error";
}
}
@SuppressWarnings("rawtypes")
public String logout() {
Map session = ActionContext.getContext().getSession();
session.remove("login");
session.remove("user");
Cookie user = new Cookie("user", "");
user.setPath("/");
user.setMaxAge(0);
servletResponse.addCookie(user);
return "success";
}
LoginCheck.jsp
<%@ taglib uri="/struts-tags" prefix="s"%>
<%@ page language="java"%>
<%
for(Cookie c : request.getCookies()) {
if(c==null){
session.setAttribute("login", "false");
}
else if (c.getName().equals("user")){
session.setAttribute("login", "true");
session.setAttribute("user", c.getValue());
}
}
%>
<s:if test="#session.login != 'true'">
<jsp:forward page="login.jsp" />
</s:if>
+3
source to share