4

I have a login servlet and after successful login, I want the user to

/login/{username}/

How can I place username in the URL for POST request?

I have looked up certain answers like this and this but couldn't understand how to actually accomplish my goal. I would like to stick to using servlets and refrain from using technologies like JAX-RS and so on.

This is my login logic implementation:

   private void login_doIT(HttpServletRequest request, HttpServletResponse response) throws SQLException, InvalidKeySpecException, NoSuchAlgorithmException, ServletException, IOException {
    String userInput = request.getParameter("user_name");
    String pass = request.getParameter("pass");
    pst = c.prepareStatement(query);
    pst.setString(1,userInput);
    rs = pst.executeQuery();
    while (rs.next()){
        imiya = rs.getString("user_name");
        kyuch = rs.getString("key");
        kodom = rs.getBytes("nitrate");
    }
    EncryptClass instance = new EncryptClass(2048,100000);
    if(instance.chkPass(pass,kyuch,kodom) && imiya.equals(userInput)){
        HttpSession session = request.getSession();
        session.setAttribute("userLogged",userInput);
        request.setAttribute("title",userInput);
        String pathInfo = request.getPathInfo();
        if(pathInfo!=null || !pathInfo.isEmpty()){
            String[] pathArr = pathInfo.split("/");
            String val = pathArr[1];//{username}
          //now what??.....
        }
        request.getRequestDispatcher("/LoginLanding.jsp").forward(request,response);
    } else {
        request.setAttribute("message", message);
        request.getRequestDispatcher("/index.jsp").include(request,response);
    }
}

And this is the web.xml for it:

<servlet>
    <servlet-name>Login</servlet-name>
    <servlet-class>AuthPack.ServletLogin</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Login</servlet-name>
    <url-pattern>/Login/*</url-pattern>
</servlet-mapping>

After I submit the form, the URL becomes something like

/login

But I want it like this:

/login/{username}

more preferably:

/{username}

Shankha057
  • 1,296
  • 1
  • 20
  • 38
  • The first link seems to be the solution. What exactly is the problem with it? It would be best to show us your code. – vanje Sep 22 '17 at 15:26

2 Answers2

1

you have to use a url rewriter or a filter.

Here is an example using a filter method:

in your login servlet instead of going to loginLanding.jsp you redirect to the filter like so:

//REDIRECT TO filter 
response.sendRedirect("/user/"+userInput);

To create a filter, it's very similar to creating a servlet, and you get the option to create a mapping like this (web.xml):

  <filter>
    <display-name>UserFilter</display-name>
    <filter-name>UserFilter</filter-name>
    <filter-class>filters.UserFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>UserFilter</filter-name>
    <url-pattern>/user/*</url-pattern>
  </filter-mapping>

Your filter should look something like this:

public class UserFilter implements Filter {

public UserFilter() {
}

public void destroy() {
}

 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
      String requri = ((HttpServletRequest) request).getRequestURI().substring(((HttpServletRequest) request).getContextPath().length() + 1);
        HttpSession session = (((HttpServletRequest) request).getSession());

        String RequestedUsername = null;

        if(requri.contains("user/")){
          //get the username after "user/"
          RequestedUsername=requri.substring(5);
          if(!RequestedUsername.isEmpty()){
           //if not empty set session
           session.setAttribute("loggedInUser",RequestedUsername);
             }
        }

      //forward to servlet which will set user details etc... (just get the user session variable from there) in that servlet you forward to landinglogin.jsp
      request.getRequestDispatcher("/profile").forward(request, response);


     }
Jonathan Laliberte
  • 2,672
  • 4
  • 19
  • 44
0

In this code, you expect the parameters to be in the available in HttpServletRequest.getParameter() accessed from the doPost() method in your servlet:

String userInput = request.getParameter("user_name");
String pass = request.getParameter("pass");

But you don't show whether you are a) submitting the request as a POST or b) accessing these from the doPost() call in your servlet.

You can access parameter information on the path by using HttpServletRequest.getPathInfo() (see this link)

String extraPathInfo = request.getPathInfo();
// If extraPathInfo is not null, parse it to extract the user name
String pass = request.getParameter("pass");

If your servlet is available at /login and you append the user name to that (like /login/someUser/) then getPathInfo() will return that, though you may want to check whether this includes the slashes.

As an aside, doing this for a login feature creates a security vulnerability. Rather than putting user names on the path, it's better to simply send both the username and password as POST parameters.

Michael Peacock
  • 2,011
  • 1
  • 11
  • 14