I have built a login servlet which I am calling from HTML POST request. I am able to login fine. Below is my servlet .
package com.login;
import javax.servlet.*;
import javax.servlet.http.*;
import java.text.MessageFormat;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import java.io.*;
public class validateServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
PrintWriter out = response.getWriter();
response.setContentType("text/html");
String userID=request.getParameter("userID");
String password=request.getParameter("password");
boolean validation = false;
final String SUCCESS = "Sucess.html";
final String FAILURE = "Failure.html";
String strUrl = "index.html";
try {
Hashtable<String, String> loginenv = new Hashtable<String, String>();
String securityPrinciple = MessageFormat.format("CN={0},OU=Employees,OU=MyComapny Users,DC=company,DC=com", userID);
System.out.println("securityPrinciple="+securityPrinciple);
System.out.println("trying to log in: " + userID);
loginenv.put(Context.PROVIDER_URL, "ldap://ds.lapd.com:389");
loginenv.put(Context.SECURITY_AUTHENTICATION, "simple");
loginenv.put(Context.SECURITY_PRINCIPAL, securityPrinciple);
loginenv.put(Context.SECURITY_CREDENTIALS, password);
loginenv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
DirContext ctx = null;
/* get a handle to an Initial DirContext */
ctx = new InitialDirContext(loginenv);
validation = true;
ctx.close();
}
catch (Exception e) {
System.out.println(e);
validation = false;
}
finally{
if(validation){
HttpSession session=request.getSession();
session.setAttribute("userID",userID);
System.out.print("Success");
/* sendRedirect("pages/index.html"); */
strUrl = SUCCESS;
}
else{
System.out.print("Failure");
strUrl = FAILURE;
}
}
RequestDispatcher requestDispatcher = request.getRequestDispatcher(strUrl);
requestDispatcher.forward(request, response);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
processRequest(request,response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
processRequest(request,response);
}
}
This servlet I am calling from HTML page attached below.
This works perfectly fine when I try to hit index.html ( Login Page ) . But when I try to open any other page under the same path it doesn't ask for login. The page opens without login and doesnt even redirect to login page.
Is there anyway where we can ensure all pages need login (if this is the 1st session ) ? I mean say if page.html is logged is logged it it wont ask login for page2.html but if page2.html is 1st page to be open it will automatically redirct to login page and once login is done page2.html should open directly.
<!DOCTYPE html>
<html>
<head>
<title>Login Check Test Page</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<center>
<form action="validateServlet" method="POST">
USERNAME:<input type="text" name="userID" value="" /><br>
PASSWORD:<input type="password" name="password" value="" /><br>
<input type="submit" value="ENTER" />
</form>
</center>
</body>
</html>