Java – authentication via Servlet

My situation is as follows:

I run two web applications on Tomcat. Initially, the user logs in to application 1, which has a link to application 2. When the user clicks the link, they should be redirected to the second application.

Both applications use LDAP authentication.

Now, the problem here is that the second application has its own authentication system.

Therefore, we plan to implicitly authenticate users who are logged in to the first system.

I wrote a servlet that executes when I click the link to app2 in app1.

I am trying to use the following code, which should call the servlet "ldap-login" on app2 with the given parameters. The parameter names are correct.

    String targetURL = "http://localhost:8080/app2/ldap-login";

    HttpClient client = new HttpClient();

    PostMethod doPost = new PostMethod(targetURL);

    //doPost.getParams().setBooleanParameter(HttpMethodParams.USE_EXPECT_CONTINUE,true);
    doPost.addParameter("login_netid", "alice");
    doPost.addParameter("login_password", "alice");
    try {
        int status = client.executeMethod(doPost);
        if (status == HttpStatus.SC_OK) {
            // redirect
            response.sendRedirect("http://localhost:8080/app2/myPage");
        } else {
            System.out.println("Service Failed,Response Code= " +
                HttpStatus.getStatusText(status));
            System.out.println("Response Body --> " + doPost.getResponseBodyAsString());
        }
    } catch (Exception ex) {
        System.out.println("ERROR: " +
            ex.getClass().getName() + " " + ex.getMessage());
        ex.printStackTrace();
    } finally {
        doPost.releaseConnection();
    }

But the response I got was "Moved Temporarily".

Can anyone suggest an alternative?

Solution

The 302 Moved Temporarily response is just a redirect. It is exactly the kind of response you get when you call response.sendRedirect(). You can very well get a redirect in response to a successful login. I recommend verifying on the second application whether it redirects when the login is successful. Then you should check that the response code is 302 instead of 200. Alternatively, you need to tell HttpClient to follow any redirects automatically.

More importantly, if the login actually fails, what response will you get from the second application? Will it throw an exception and return a response code of 500? Or does it just conditionally set some error message in the request scope and redisplay the JSP by forwarding, so that the response code stays at 200? How would you then distinguish a 200 on a failed login from a 200 on a successful login?

Regardless of the specific problem, if the second application does not share the same session with the first application, your method may not work. A login is usually stored in the session, but you are not maintaining the session anywhere. Anyway, that is a subject for a new question :)
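
The following is an added example, not part of the original question or answer. It shows the two points above: classifying the login response by status code and Location header, and that the session cookie is issued to the server-side HTTP client rather than to the user's browser. It uses the JDK's java.net.http client instead of the Commons HttpClient from the question, and it assumes app2 redirects to /app2/myPage on success and redisplays the form with 200 on failure; the stub server, the class name LoginProbe, the password and the cookie value are all constructed.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;

public class LoginProbe {
    enum Outcome { SUCCESS, FAILED, UNKNOWN }
    // Assumed app2 behaviour: 302 to /app2/myPage on success; 200 (form
    // redisplayed) or a 302 to anywhere else on failure; other codes are errors.
    static Outcome classify(HttpResponse<String> r) {
        String loc = r.headers().firstValue("Location").orElse("");
        if (r.statusCode() == 302 && loc.endsWith("/app2/myPage")) return Outcome.SUCCESS;
        if (r.statusCode() == 200 || r.statusCode() == 302) return Outcome.FAILED;
        return Outcome.UNKNOWN;
    }
    // Constructed stand-in for app2's login servlet so the example runs offline.
    static HttpServer stubApp2() throws Exception {
        HttpServer s = HttpServer.create(new InetSocketAddress("localhost", 0), 0);
        s.createContext("/app2/ldap-login", ex -> {
            String form = new String(ex.getRequestBody().readAllBytes(), StandardCharsets.UTF_8);
            if (form.contains("login_password=constructed-pw")) {
                ex.getResponseHeaders().add("Set-Cookie", "JSESSIONID=constructed123; Path=/app2; HttpOnly");
                ex.getResponseHeaders().add("Location", "/app2/myPage");
                ex.sendResponseHeaders(302, -1);          // redirect, no body
            } else {
                byte[] body = "<p>Invalid login</p>".getBytes(StandardCharsets.UTF_8);
                ex.sendResponseHeaders(200, body.length); // failure still answers 200
                ex.getResponseBody().write(body);
            }
            ex.close();
        });
        s.start();
        return s;
    }
    public static void main(String[] args) throws Exception {
        HttpServer app2 = stubApp2();
        URI login = URI.create("http://localhost:" + app2.getAddress().getPort() + "/app2/ldap-login");
        // Do not follow redirects, so the 302 itself can be inspected.
        HttpClient c = HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NEVER).build();
        for (String pw : new String[] {"constructed-pw", "wrong"}) {
            HttpRequest req = HttpRequest.newBuilder(login)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString("login_netid=alice&login_password=" + pw)).build();
            HttpResponse<String> r = c.send(req, HttpResponse.BodyHandlers.ofString());
            // The Set-Cookie header arrives here, in app1's servlet, not in the browser.
            System.out.println(r.statusCode() + " -> " + classify(r) + ", Set-Cookie received by server-side client: "
                + r.headers().firstValue("Set-Cookie").isPresent());
        }
        app2.stop(0);
    }
}
```

Because the JSESSIONID is delivered to the servlet's own HTTP client, a subsequent sendRedirect to /app2/myPage leaves the browser without an app2 session.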
