tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reynir Hübner <rey...@hugsmidjan.is>
Subject RE: application-sevlet communication and authentication question
Date Wed, 17 Oct 2001 20:21:15 GMT
The sessoin is "always" kept in a cookie (on the client side).
the standard java.net.URLConnection does not do anything for cookies, so
to be able to hold on to a session, you must get the cookie and send it
back with next request.


Maybe this extract from the source of jakarta-struts-bean include-Tag
helps you to understand what I mean :

  URLConnection conn = null;
  conn = url.openConnection();
  conn.setAllowUserInteraction(false);
  conn.setDoInput(true);
  conn.setDoOutput(false);
  StringBuffer sb = new StringBuffer("JSESSIONID=");
  sb.append(theSessionID);
  conn.setRequestProperty("Cookie", sb.toString());

so this source would at least put the session-cookie into scope at the
server.
maybe you should take a look at some other http clients, there is one
(in alpha stage) in the jakarta-struts-commons package.
I dont know how to use it though.... and I know there is at least one
other opensource HttpClient class implementation around (somewhere in
the internet). 

well, hope it helps (at least a little bit)...


Reynir 
reynir@hugsmidjan.is





-----Original Message-----
From: Fusun Eryoldas [mailto:FEryoldas@KBSI.com]
Sent: 17. október 2001 19:35
To: tomcat-user@jakarta.apache.org
Subject: application-sevlet communication and authentication question



Hello, 
I am using Tomcat 3.2.3 and form based authentication. My question is
about how to do authentication when the client is a standalone java
application. Since it is an application, there is no browser involved.
Therefore, using cookies option would not make any sense.  
Following is that what I am doing in my java code for sevlet
communication: 
(The name of the servlet which is secured by the form based
authentication is "ListClients")

URL url = new URL("http://localhost:8080/myapplication/ListClients");

URLConnection URLcon = url.openConnection();
URLcon.setDoOutput(true);   
URLcon.setUseCaches(false); 
URLcon.setAllowUserInteraction(true);
 
String userSignature = "j_username="  + URLEncoder.encode("joe") +
                                 "&j_password=" +
URLEncoder.encode("pssjoe");
   
DataOutputStream printout = new
DataOutputStream(URLcon.getOutputStream()); 
printout.writeBytes(userSignature);      
printout.flush();      
printout.close();          

DataInputStream in = new DataInputStream(URLcon.getInputStream());

String stline;
while((stline = in.readLine()) != null)
      System.out.println(stline);
in.close();  

Although I send the j_username and j_password to the servlet, the only
thing I can get as a response from the servlet
is my login html page. 
I think for some reason, I can not accomplish to create a session. 

I would really apprecite If you could help me with this. 
Thanks, 
Fusun

Mime
View raw message