
Java Forum / General / January 2006

How to show the user name with form based authentication after an unsuccessful login?

Andrea Desole - 16 Jan 2006 15:13 GMT
I'm trying to use form based authentication in my web application. I
created my login form, with a post method and action "j_security_check".
In the form I put a text field with name "j_username" and a password
field with name "j_password". The login seems to work fine.
What I find strange is that there is not a way, if the login fails, to
show the user name when the login form is reloaded, as it would usually
happen in a normal login.
I couldn't find anything in the servlet specification, and my concern is
that it's actually not possible, which surprises me. Does anyone know
anything about it?
Larry - 18 Jan 2006 21:25 GMT
Sounds like you may want to store j_username in session scope
(session.setAttribute() ), rather than request scope, since you are
wanting to see the values when the form is reloaded.  Or you can just
do a request.setAttribute() in your action when the login fails so it
will be available in the next request.
Andrea Desole - 19 Jan 2006 09:07 GMT
> Sounds like you may want to store j_username in session scope
> (session.setAttribute() ), rather than request scope, since you are
> wanting to see the values when the form is reloaded.  Or you can just
> do a request.setAttribute() in your action when the login fails so it
> will be available in the next request.

I would like to do that, but I can't. The entire process is handled by
the server. To log the user in I don't use my code.
John C. Bollinger - 20 Jan 2006 02:41 GMT
>> Sounds like you may want to store j_username in session scope
>> (session.setAttribute() ), rather than request scope, since you are
[quoted text clipped - 4 lines]
> I would like to do that, but I can't. The entire process is handled by
> the server. To log the user in I don't use my code.

It seems like a lot of bother, but you could probably set up a servlet
filter that captured the provided j_username and stashed it in the
session.  If the login form is provided via JSP then it could easily
retrieve the value from the session and use it to set the initial value
of the username field when the form is displayed again.

I'd have to study the docs to decide, but it might work to stash the
data in the request rather than in the session; this would be better if
it works.

Overall, the form login system seems to provide relatively little
information back to the web application.  To me, this is one of its more
egregious weaknesses.

John Bollinger
jobollin@indiana.edu
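
The filter approach described in the post above, as an added example that is not part of any post in this thread: it stores only the submitted j_username in the session and hands it back HTML-escaped for the login JSP. It assumes the container passes the j_security_check POST through the filter chain, which is container-dependent; the package, class and attribute names are hypothetical.

```java
package example.login; // hypothetical package name

import java.io.IOException;
import javax.servlet.*;        // jakarta.servlet.* on newer containers
import javax.servlet.http.*;

/**
 * Added example. Map this filter in web.xml to the url-pattern /j_security_check.
 * Login JSP usage: value="<%= example.login.LoginNameFilter.takeEscaped(session) %>"
 */
public class LoginNameFilter implements Filter {
    public static final String ATTR = "lastLoginName"; // hypothetical session attribute
    private static final int MAX_LEN = 64;             // assumed bound on user name length

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        if ("POST".equals(req.getMethod())) {
            // Only the user name is kept; j_password is never read or stored.
            String name = req.getParameter("j_username");
            if (name != null && name.length() <= MAX_LEN) {
                req.getSession(true).setAttribute(ATTR, name);
            }
        }
        chain.doFilter(rq, rs);
    }

    /** Removes the stored name from the session and returns it escaped for an HTML attribute. */
    public static String takeEscaped(HttpSession session) {
        if (session == null) return "";
        Object v = session.getAttribute(ATTR);
        session.removeAttribute(ATTR); // one-shot: do not keep attempted names around
        if (!(v instanceof String)) return "";
        StringBuilder out = new StringBuilder();
        for (char c : ((String) v).toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}
```

The escaping matters because the stored value is attacker-controlled input from an unauthenticated request and is written back into the page.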

Andrea Desole - 20 Jan 2006 09:15 GMT
> It seems like a lot of bother, but you could probably set up a servlet
> filter that captured the provided j_username and stashed it in the
[quoted text clipped - 5 lines]
> data in the request rather than in the session; this would be better if
> it works.

I have the feeling that filters are not called with form based login,
since it is completely handled by the server, and it does seem like a
lot of bother, but I'll think about giving it a try. If I want to do it
this is so far the only possible solution I have. Thanks

> Overall, the form login system seems to provide relatively little
> information back to the web application.  To me, this is one of its more
> egregious weaknesses.

I agree. Actually it looks like it hasn't been designed to be very
powerful. But unfortunately this is a requirement I have

