How to implement a JSP login system
Quite a simple JSP question as I am still trying to figure out the right way to do things.
I am working on a web application that requires users to log in before getting started. I would like that any time a user who is not logged in tries to access any page (except the login page) the user will be redirected to my login page.
The approach I took is just a little bit of code at the top of each page trying to grab a custom object from the session, and if it doesn't exist, redirect to login (I have a custom object stored in a session for existing users that contains others data such as permissions).
Is this the appropriate way to perform authentication? Or are there more standard ways that I should be doing?
EDIT: I decided to split this question into two questions, as one was a more experienced question and the other was purely technical. Thanks for answers.
source to share
I don't know if you have this alternative, but using Java EE's declarative security will free you from having to insert authentication code into every JSP.
The idea is that in your web.xml you specify the security rules, such as the only template URL available to users , . The container will then try when users try to access protected resources. You can specify your login page to be used when calling users.
I think this is very handy for coding your own input.
Here's a link to describe how to do it.
source to share
Yes, JSPs are compiled before servlet subclasses. The correct way to return early is to simply place a "return"; in your JSP.
Having said that, I think you should consider other authentication solutions. It's very easy to finish to forget about including at the top 1 JSP and then you accidentally included GUEST users on that page!
source to share