Thursday, 1 December 2016

Session Management JSP

Managing sessions is a crucial task while creating your website/ web application.

That being said, let's see how to manage sessions based on validity of logged in user id.

What we want is that after a successful login, the user cannot navigate back to the index page until they log out or the session expires. Once logged out, the user cannot navigate to transactional pages.

Here's a simulation program for that. Get the logic from this small flow and you can implement it in any big program.

Here we go..

Project Structure:


                               

web.xml
------------------

<web-app id="WebApp_ID" version="2.4"
   xmlns="http://java.sun.com/xml/ns/j2ee" 
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
   http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

   <!-- Servlet 2.4 deployment descriptor for the session demo.
        No <session-config> element is declared here, so the session timeout
        is whatever the container applies by default. -->
   <display-name>Spring MVC Application</display-name>

   <!-- Spring front controller. A DispatcherServlet named "HelloWeb" reads its
        bean definitions from HelloWeb-servlet.xml by naming convention. -->
   <servlet>
      <servlet-name>HelloWeb</servlet-name>
      <servlet-class>
         org.springframework.web.servlet.DispatcherServlet
      </servlet-class>
      <load-on-startup>1</load-on-startup>
   </servlet>

   <!-- "/" makes the DispatcherServlet the default servlet, so requests that no
        other mapping claims are handled by the Spring controllers. -->
   <servlet-mapping>
      <servlet-name>HelloWeb</servlet-name>
      <url-pattern>/</url-pattern>
   </servlet-mapping>

</web-app>

HelloWeb-servlet.xml
-----------------------------------------
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">

<!-- Registers annotated components found under com.user, which is the package
     of the @Controller class in this demo. -->
<context:component-scan base-package="com.user" />
<!-- NOTE(review): no bean named "hibernateTransactionManager" is defined in this
     file and nothing in the demo is transactional; confirm whether this line is
     a leftover from another project. -->
<tx:annotation-driven transaction-manager="hibernateTransactionManager" />
<!-- Maps a logical view name such as "login" to /WEB-INF/jsp/login.jsp.
     Files under /WEB-INF are not served directly by the container, so these
     JSPs are reachable only through a controller forward. -->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>

UserPojo.java
----------------------------------------------------------

package com.user;

import java.io.Serializable;

/**
 * Form-backing bean for the login form.
 *
 * <p>Spring binds the {@code username} and {@code password} request parameters
 * to the matching setters. Both properties are {@code null} until a setter is
 * called.
 */
public class UserPojo implements Serializable {

    private static final long serialVersionUID = 1L;

    /** Login name as typed into the form; {@code null} when the field was not submitted. */
    private String username;

    /** Password as typed into the form, held in plain text for the duration of the request. */
    private String password;

    /** No-argument constructor required for data binding. */
    public UserPojo() {
    }

    /** @return the submitted login name, or {@code null} if none was bound */
    public String getUsername() {
        return this.username;
    }

    /** @return the submitted password, or {@code null} if none was bound */
    public String getPassword() {
        return this.password;
    }

    /** @param username the login name to store */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @param password the password to store */
    public void setPassword(String password) {
        this.password = password;
    }
}


HelloController.java
------------------------------------------------------------

package com.user;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.json.JSONObject;
import org.springframework.security.web.util.RedirectUrlBuilder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

import com.google.gson.Gson;

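/**
 * Demo controller showing session-based access control.
 *
 * <p>A session counts as authenticated when it carries a {@code "username"}
 * attribute. The attribute is set by {@link #checkLogin} and removed when
 * {@link #logoutSession} invalidates the session.
 */
@Controller
@RequestMapping("/")
public class HelloController {

    // Demo-only credentials. A real application verifies the password against a
    // salted, slow password hash loaded from a user store and never keeps
    // credentials in source code.
    private final String userID = "uid";
    private final String password = "pwd";

    /**
     * Reports whether the session has been marked as logged in.
     */
    private boolean isLoggedIn(HttpSession session) {
        return session.getAttribute("username") != null;
    }

    /**
     * Entry page: shows the login form to anonymous visitors and the
     * post-login page to a visitor whose session is already authenticated.
     */
    @RequestMapping(method = RequestMethod.GET)
    public ModelAndView login(HttpSession session) {
        if (!isLoggedIn(session)) {
            ModelAndView model = new ModelAndView("login");
            model.addObject("message", "JSP page Session Demo.");
            return model;
        }
        ModelAndView model = new ModelAndView("LoginSuccess");
        model.addObject("message", "Welcome, User " + session.getAttribute("username").toString() + " login successfully.");
        return model;
    }

    /**
     * Validates the submitted credentials and marks the session as logged in.
     *
     * @param session  current HTTP session
     * @param user     form values bound from the request; either field is
     *                 {@code null} when the parameter was not sent
     * @param redirect unused
     * @return a redirect to the post-login page on success, otherwise a
     *         redirect back to the login page
     */
    @RequestMapping(value = "checkLogin", method = RequestMethod.POST)
    public String checkLogin(HttpSession session, UserPojo user, RedirectUrlBuilder redirect) {
        String suppliedName = user.getUsername();
        String suppliedPassword = user.getPassword();

        // Calling equals on the constants keeps a request with a missing field
        // from failing with a NullPointerException.
        boolean nameMatches = userID.equalsIgnoreCase(suppliedName);
        // Passwords are compared case-sensitively: ignoring case would accept
        // every upper/lower-case variant of the real password.
        boolean passwordMatches = password.equals(suppliedPassword);

        if (nameMatches && passwordMatches) {
            // NOTE(review): the session id is not rotated at login. A session
            // that existed before authentication keeps its id afterwards; rotate
            // it here (HttpServletRequest.changeSessionId() on Servlet 3.1+)
            // to prevent session fixation.
            session.setAttribute("username", suppliedName);
            return "redirect:/LoginSuccess";
        }
        return "redirect:";
    }

    /**
     * Post-login landing page. Anonymous requests are sent back to the login
     * page here instead of relying only on the check inside the JSP.
     */
    @RequestMapping(value = "LoginSuccess", method = RequestMethod.GET)
    public ModelAndView welcomePage(HttpSession session, UserPojo user, RedirectUrlBuilder redirect) {
        if (!isLoggedIn(session)) {
            return new ModelAndView("redirect:/");
        }
        ModelAndView model = new ModelAndView("LoginSuccess");
        model.addObject("message", "Welcome to JSP page Session Demo.");
        return model;
    }

    /**
     * Ends the session and shows the login page with a logout notice.
     *
     * <p>NOTE(review): logout is mapped to GET, so any page can trigger it with
     * a plain link or image request; consider POST with an anti-CSRF token.
     */
    @RequestMapping(value = "logout", method = RequestMethod.GET)
    public ModelAndView logoutSession(HttpSession session) {
        String username = "";
        if (isLoggedIn(session)) {
            // Read the name before invalidate(): attributes cannot be read afterwards.
            username = session.getAttribute("username").toString();
            session.invalidate();
        }
        ModelAndView model = new ModelAndView("login");
        model.addObject("message", "Welcome Spring Login Demo.");
        model.addObject("logout", "User " + username + " logout successfully.");
        return model;
    }

    /**
     * Second protected page. Anonymous requests are sent back to the login
     * page here instead of relying only on the check inside the JSP.
     */
    @RequestMapping(value = "welcome", method = RequestMethod.GET)
    public ModelAndView welcomePage(HttpSession session) {
        if (!isLoggedIn(session)) {
            return new ModelAndView("redirect:/");
        }
        ModelAndView model = new ModelAndView("welcome2");
        model.addObject("message", "JSP page Session Demo - page 2.");
        // The value originates from the login form, so the view must HTML-escape it.
        model.addObject("username", session.getAttribute("username"));
        return model;
    }

}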


login.jsp
------------------------------------------------------------

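<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%-- Login form. The caching headers stop the browser from showing a stored copy
     of this page when the user presses Back after logging in. --%>
<%
// setHeader replaces any earlier value for the same header name, so both
// directives are sent in a single Cache-Control header.
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.setDateHeader("Expires", 0);
response.setHeader("Pragma", "no-cache");
%>
<html>
<head>
<title>Login Page</title>
</head>
<body>
   <%-- c:out HTML-escapes model values; a bare EL expression writes them raw. --%>
   <h2><c:out value="${message}" /></h2>
   <form action="checkLogin" method="post">
  UserName : <input type="text" name="username"><br/>
  Password : <input type="password" name="password"><br/>
  <input type="submit" name="login" value="Login">
   </form>

<%-- The logout notice contains the user name, so it is escaped as well. --%>
<h2><c:out value="${logout}" /></h2>
</body>
</html>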

LoginSuccess.jsp
-----------------------------------
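<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%-- Post-login page. The body is rendered only for a session that carries a
     non-blank "username" attribute; any other request is redirected. --%>
<%
// setHeader replaces any earlier value for the same header name, so both
// directives are sent in a single Cache-Control header.
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.setDateHeader("Expires", 0);
response.setHeader("Pragma", "no-cache");
Object loggedInUser = session.getAttribute("username");
if (loggedInUser != null && !loggedInUser.toString().trim().isEmpty()) {
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<c:out value="${message}" /><br/>

<a href="welcome"><input type="button" value="welcome2"></a>
<a href="logout"><input type="button" value="Logout"></a>
</body>
</html>
<%
} else {
// No authenticated session: send the browser away without rendering anything.
response.sendRedirect("");
}
%>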

welcome2.jsp
------------------------------------

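<%@ page language="java" contentType="text/html; charset=US-ASCII"
    pageEncoding="US-ASCII"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%-- Second protected page. The body is rendered only for a session that carries
     a non-blank "username" attribute; any other request is redirected. --%>
<%
// setHeader replaces any earlier value for the same header name, so both
// directives are sent in a single Cache-Control header.
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.setDateHeader("Expires", 0);
response.setHeader("Pragma", "no-cache");
Object loggedInUser = session.getAttribute("username");
if (loggedInUser != null && !loggedInUser.toString().trim().isEmpty()) {
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<title>welcome 2</title>
</head>
<body>
<%-- The user name comes from the login form; c:out HTML-escapes it, whereas a
     bare EL expression would write it into the page unescaped. --%>
<h3>Hi <c:out value="${username}" />, Login successful.</h3>
<br>
<a href="logout"><input type="button" value="Logout"></a>
<footer>
</footer>
</body>
</html>
<%
} else {
// No authenticated session: send the browser away without rendering anything.
response.sendRedirect("");
}
%>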

Now deploy and run the program
-----------------------------------------------------------------------

welcome page
--------------------

uid: uid
password: pwd

on successful login:


on clicking back button from this page, it is redirected to this page (LoginSuccess page) itself and back navigation is blocked to welcome page.

On clicking logout, you will be redirected to logout page and you would not be able to navigate back to LoginSuccess page:





