Java – authentication via Servlet
My situation is as follows:
I run two web applications on Tomcat. Initially, the user logs in to application 1, and then there is a link to application 2. Clicking the link should redirect the user to the second application.
Both applications use LDAP authentication.
Now, the problem here is that the second application has its own authentication system.
Therefore, we plan to implicitly authenticate users who are logged in to the first system.
I wrote a servlet that executes when I click the link to app2 in app1.
I am trying to use the following code, which should call the servlet "ldap-login" on app2 with the given parameters. The parameter names are correct.
    String targetURL = "http://localhost:8080/app2/ldap-login";
    HttpClient client = new HttpClient();
    PostMethod doPost = new PostMethod(targetURL);
    //doPost.getParams().setBooleanParameter(HttpMethodParams.USE_EXPECT_CONTINUE,true);
    doPost.addParameter("login_netid", "alice");
    doPost.addParameter("login_password", "alice");
    try {
        int status = client.executeMethod(doPost);
        if (status == HttpStatus.SC_OK) {
            // redirect
            response.sendRedirect("http://localhost:8080/app2/myPage");
        } else {
            System.out.println("Service Failed,Response Code= " + HttpStatus.getStatusText(status));
            System.out.println("Response Body --> " + doPost.getResponseBodyAsString());
        }
    } catch (Exception ex) {
        System.out.println("ERROR: " + ex.getClass().getName() + " " + ex.getMessage());
        ex.printStackTrace();
    } finally {
        doPost.releaseConnection();
    }
But the response I got was "Moved Temporarily".
Can anyone suggest a replacement?
Solution
The 302 Moved Temporarily response is just a redirect. It is exactly the kind of response you get when you call response.sendRedirect(). You can very well get a redirect in response to a successful login. I recommend verifying whether the second application redirects when the login is successful. Then you should check that the response code is 302 instead of 200. Alternatively, you need to tell HttpClient to follow any redirects automatically.
More importantly, if the login actually fails, what response will you get from the second application? Will it throw an exception and return a response code of 500? Or does it just conditionally set some error message in the request scope and redisplay the JSP by forwarding, so that the response code stays at 200? How would you then distinguish a 200 on a failed login from a 200 on a successful login?
Regardless of the specific problem, if the second application does not share the same session with the first application, your method may not work. The login is usually stored in the session, but you are not maintaining the session anywhere. Anyway, this is the subject of a new question :)
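The two points raised in this answer, as an added example that is not code from the question or the answer: telling a successful login from a failed one by status code and Location, and seeing where the session cookie ends up. It uses the JDK's own java.net.http.HttpClient (Java 11+) instead of the Commons HttpClient in the question; the in-process stub for app2, its 302-on-success and 200-on-failure behaviour, the class name and the password value are all constructed assumptions.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
public class LoginRedirectCheck {
    // Constructed stub for app2 (assumed): 302 + session cookie on success, 200 + form on failure.
    static HttpServer startStubApp2() throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/app2/ldap-login", ex -> {
            String form = new String(ex.getRequestBody().readAllBytes(), StandardCharsets.UTF_8);
            boolean ok = form.equals("login_netid=alice&login_password=constructed-secret");
            byte[] page = "<p>Invalid login</p>".getBytes(StandardCharsets.UTF_8);
            if (ok) {
                ex.getResponseHeaders().add("Location", "/app2/myPage");
                ex.getResponseHeaders().add("Set-Cookie", "JSESSIONID=constructed123; Path=/app2");
                ex.sendResponseHeaders(302, -1);          // -1: no response body
            } else {
                ex.sendResponseHeaders(200, page.length);
                ex.getResponseBody().write(page);
            }
            ex.close();
        });
        server.start();
        return server;
    }
    // Success is the 302 to the post-login page; a 200 means the login form came back.
    static String classify(HttpResponse<String> r) {
        String location = r.headers().firstValue("Location").orElse("");
        if (r.statusCode() == 302 && location.endsWith("/app2/myPage")) return "LOGIN_OK";
        return r.statusCode() == 200 ? "LOGIN_FAILED" : "UNEXPECTED_" + r.statusCode();
    }
    static HttpResponse<String> login(HttpClient c, int port, String password) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create("http://127.0.0.1:" + port + "/app2/ldap-login"))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString("login_netid=alice&login_password=" + password))
            .build();
        return c.send(req, HttpResponse.BodyHandlers.ofString());
    }
    public static void main(String[] args) throws Exception {
        HttpServer app2 = startStubApp2();
        int port = app2.getAddress().getPort();
        // Redirect.NEVER keeps the 302 visible to the caller instead of following it.
        HttpClient client = HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NEVER).build();
        HttpResponse<String> good = login(client, port, "constructed-secret");
        System.out.println("correct password: " + classify(good));
        System.out.println("wrong password:   " + classify(login(client, port, "wrong")));
        System.out.println("Set-Cookie held by app1's client, not the browser: "
            + good.headers().firstValue("Set-Cookie").orElse("none"));
        app2.stop(0);
    }
}
```

The last line of output shows the session cookie arriving at the server-side client inside app1, so a browser redirected to /app2/myPage afterwards presents no app2 session of its own.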