Single sign-on for all my struts2 applications in tomcat

I am creating several applications using struts2 and deploying them to tomcat7. The users of all the applications are the same, so I want to handle their authentication only once. I use cookies for this.

I am not sure if this is the easiest and best way, but I am still trying it.

However, I cannot get this to work even for a single application.

Login.jsp

<%-- Login form: submits the "username" and "userpass" fields to the Struts action named "login". --%>
<s:form action="login">
<table>
<tr><s:textfield name="username" placeholder="Username"></s:textfield></tr>
<tr><s:password name="userpass" placeholder="Password"></s:password></tr>
<tr>
<td colspan="2" align="center"><input type="submit" class="button" value="Submit" /></td>
</tr></table> 
</s:form>

      

login() and logout()

/**
 * Checks the submitted username/password against the {@code users} table and, when exactly
 * one row matches, marks the Struts session as logged in and sets a {@code user} cookie.
 *
 * @return {@code "success"} when exactly one row matches, otherwise {@code "error"}
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public String login() {
    int count = 0;
    try {
        // NOTE(review): con and ps are never closed here, and rs is only closed when no
        // exception is thrown; getConnection() is not shown, so confirm who owns the connection.
        Connection con = getConnection();
        // Parameterized query: the credentials are bound, not concatenated into the SQL.
        // NOTE(review): the submitted password is compared directly with the stored column,
        // which suggests passwords are stored unhashed - confirm against the schema.
        PreparedStatement ps = con
                .prepareStatement("select COUNT(*) AS rowcount from users where username=? and password=? and its='1'");
        ps.setString(1, username);
        ps.setString(2, userpass);
        ResultSet rs = ps.executeQuery();
        rs.next();
        count = rs.getInt("rowcount");
        rs.close();
    } catch (Exception e) {
        // Any failure leaves count at 0, so the request falls through to the "error" branch.
        System.out.println("Unable to login - " + e.getMessage());
    }
    if (count == 1) {
        Map session = ActionContext.getContext().getSession();
        session.put("login", "true");
        session.put("user", username);

        // Save to cookie (path "/" so every application on this host receives it).
        // NOTE(security): the cookie value is the bare username. A client can send any value
        // in a cookie named "user", so code that trusts this cookie cannot distinguish a
        // forged value from one issued here.
          Cookie user = new Cookie("user", username);
          user.setPath("/");
          servletResponse.addCookie(user);

        return "success";
    } else {
        setError("Invalid login. Try again.");
        return "error";
    }
}

/**
 * Removes the login markers from the Struts session and overwrites the {@code user} cookie
 * with an empty value.
 *
 * @return always {@code "success"}
 */
@SuppressWarnings("rawtypes")
public String logout() {
    Map session = ActionContext.getContext().getSession();
    session.remove("login");
    session.remove("user");
    // NOTE(review): the cookie is replaced with an empty value but not expired (no
    // setMaxAge(0)), so a cookie named "user" can still arrive on later requests.
    Cookie user = new Cookie("user", "");
      user.setPath("/");
      servletResponse.addCookie(user);
    return "success";
}

      

LoginCheck.jsp

<%
// Derives the login state from the "user" cookie and mirrors it into the session.
String user = null;
// NOTE(review): request.getCookies() returns null when the request carries no cookies,
// in which case this loop throws a NullPointerException.
for(Cookie c : request.getCookies()) {
    if (c.getName().equals("user")){
        user = c.getValue();
        }
    }
// Only a missing cookie counts as "not logged in"; a cookie with an empty value still
// leaves user non-null and takes the else branch.
if(user == null){
    out.println("user : "+user);
    session.setAttribute("login", "false");
    response.sendRedirect("login.jsp");
    }
else{
    out.println("user : "+user);
    // NOTE(security): the cookie value is accepted as the user name without any
    // server-side verification; it is whatever the client sent.
    session.setAttribute("login", "true");
    session.setAttribute("user", user);
    }
%>

      

This code logs me in correctly and the cookie is set, but even when the user is not logged in, the home page is displayed instead of the login page.



2 answers


There are a few things you will need to do to fix the above problem:



  • call cookie.setMaxAge(0) on logout. This will delete the cookie on logout.
  • put a null check on the cookie. If the cookie exists, the user is logged in, and the other applications can use this cookie to log the user in directly with the custom string it contains.


Thanks to @SumeetSharma. Working code

login() and logout()

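/**
 * Checks the submitted username/password against the {@code users} table and, when exactly
 * one row matches, marks the Struts session as logged in and issues the shared {@code user}
 * cookie.
 *
 * <p>Any database failure is logged and treated as a failed login.
 *
 * @return {@code "success"} when exactly one row matches, otherwise {@code "error"}
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public String login() {
    int count = 0;
    try {
        // NOTE(review): getConnection() is not shown. If it opens a new connection per call,
        // close it here as well; it is left open in case it is shared.
        Connection con = getConnection();
        // Parameterized query: the credentials are bound, not concatenated into the SQL.
        // NOTE(security): the submitted password is compared directly with the stored column,
        // which suggests passwords are stored unhashed - confirm against the schema. The usual
        // approach is a salted password hash (bcrypt/scrypt/argon2) verified in code.
        PreparedStatement ps = con
                .prepareStatement("select COUNT(*) AS rowcount from users where username=? and password=? and its='1'");
        try {
            ps.setString(1, username);
            ps.setString(2, userpass);
            ResultSet rs = ps.executeQuery();
            try {
                if (rs.next()) {
                    count = rs.getInt("rowcount");
                }
            } finally {
                // Release the cursor even when reading the row fails.
                rs.close();
            }
        } finally {
            // Release the statement on every path, not only on success.
            ps.close();
        }
    } catch (Exception e) {
        // Fail closed: count stays 0, so the request ends in the "error" branch.
        System.out.println("Unable to login - " + e.getMessage());
    }
    if (count == 1) {
        Map session = ActionContext.getContext().getSession();
        session.put("login", "true");
        session.put("user", username);

        // Shared cookie, path "/" so every application on this host receives it.
        // NOTE(security): the value is the bare username. A client can send any value in a
        // cookie named "user", so applications that trust it cannot tell a forged value from
        // one issued here. Prefer a random token that the server can look up, or a signed
        // value, and mark the cookie Secure when the site is served over HTTPS.
        Cookie user = new Cookie("user", username);
        user.setPath("/");
        // Keep the cookie out of reach of page scripts (Servlet 3.0 API, available on Tomcat 7).
        user.setHttpOnly(true);
        servletResponse.addCookie(user);
        return "success";
    } else {
        setError("Invalid login. Try again.");
        return "error";
    }
}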

/**
 * Ends the login: drops the login markers from the Struts session and expires the shared
 * {@code user} cookie.
 *
 * @return always {@code "success"}
 */
@SuppressWarnings("rawtypes")
public String logout() {
    Map attrs = ActionContext.getContext().getSession();
    for (String key : new String[] { "login", "user" }) {
        attrs.remove(key);
    }

    // Same name and path as the cookie set at login, empty value, Max-Age 0 so the
    // browser discards it.
    Cookie expired = new Cookie("user", "");
    expired.setMaxAge(0);
    expired.setPath("/");
    servletResponse.addCookie(expired);

    return "success";
}

      



LoginCheck.jsp

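<%@ taglib uri="/struts-tags" prefix="s"%>
<%@ page language="java"%>
<%
// Re-derive the login state from the "user" cookie on every request, so that a logout
// performed in one application is also seen by the others.
String cookieUser = null;
// getCookies() returns null (not an empty array) when the request carries no cookies.
Cookie[] cookies = request.getCookies();
if (cookies != null) {
    for (Cookie c : cookies) {
        if ("user".equals(c.getName())) {
            cookieUser = c.getValue();
        }
    }
}
if (cookieUser == null || cookieUser.isEmpty()) {
    // No cookie, or an emptied one: clear any stale login left in this session.
    session.setAttribute("login", "false");
    session.removeAttribute("user");
} else {
    // NOTE(security): the cookie value is whatever the client sent; this page cannot verify
    // that it names a user who actually authenticated. Replace the bare username with a
    // value the server can verify (random token looked up server-side, or a signed value)
    // before relying on it for access decisions.
    session.setAttribute("login", "true");
    session.setAttribute("user", cookieUser);
}
%>
<s:if test="#session.login != 'true'"> 
<jsp:forward page="login.jsp" />
</s:if>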

      
