How to process the last request before login in a Java servlet?

0
votes

I'm building a web application, where a user can send a HTTP request to upload a file. I need to redirect the user to the login page in my servlet and if the authentication is successful, I need to process the request. What's the best option to do this? Here's what I'm thinking of doing:

  1. Save the request URL and the HTTPServletRequest object in a cache(some in-memory cache like JCS) with a specific request ID(some GUID).
  2. Redirect the user to the login page along with the request ID.
  3. When the user logs in, the request id is also passed to the servlet.
  4. If the login is successful, retrieve the HTTPServletRequest object from the cache and start processing it.

Another option I read about was using the HTTPReferrer, but this wouldn't get me the request parameters(it is a post operation).

Is my approach above right? Is there a better way to handle this?

Thanks in advance!

1
javacachingservletslogin
You take any security framework out of box like spring-security, they exactly do the same thing. Why do you want to reinvent the wheel ? - Santosh
Hi Santosh,Thanks for the quick response. Unfortunately, I'm not using any framework. I'm using plain Tomcat. - user2869520
Will ServletFilters provide the same functionality as well? - user2869520

1 Answers

0
votes

Here is one way this can be accomplished.

Cookie+Filter Approach:

  1. You receive a request from user,
  2. Check if the user is logged in in the filter (You can do this by checking any cookie that you are setting for logged in user or valid session object),
  3. If the user is not logged in, redirect the user to the login page AND set a cookie (with a name say redirect ) with the current request URL.
  4. User sees the login page, enters credentials,
  5. Servlet receives the login request, it validates the users, if login is correct, it checks for the redirect cookie, retrieves the URL, deletes the redirect cookie and redirects the user to that URL.