February 2005
Intermediate to advanced
528 pages
12h 53m
English
You want to allow users to be logged in automatically if they have valid credentials stored in a cookie(s).
Use a servlet filter, such as the one shown in Example 11-12, that looks for cookies containing the user's credentials. The credentials are used to authenticate the user. If the authentication succeeds, the user is automatically logged in; otherwise, the user will be prompted to login.
Example 11-12. Cookie authentication filter for automatic login
package com.oreilly.strutsckbk.ch11; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; /** * Filter which handles application authentication. The filter implements * the following policy: * <ol> * <li>If the username is in the session the filter exits; * <li>If not, the authentication cookies are looked for; * <li>If found, the authentication is attempted * <li>If authentication is successful, the username is stored in * the session * <li>Otherwise, the cookies are invalid and subsequently removed * from the response * </ol> * * @author Bill ...