There is an authorization servlet

@WebServlet( name = "SignInServlet", description = "Вход пользователя - проверка имени email и пароля", urlPatterns = {"/authorization_signin"} ) public class SignInServlet extends javax.servlet.http.HttpServlet { public SignInServlet(){ } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws javax.servlet.ServletException, IOException { request.setCharacterEncoding("UTF-8"); UserDataSet user = new UserDataSet(); SignInModel modelSignIn = new SignInModel(); user.setEmail(request.getParameter("email")); user.setPassword(request.getParameter("password")); user = modelSignIn.doSignIn(user); if (request.getSession().getAttribute("loggedUser") == null) { if (user != null) { request.getSession().setAttribute("loggedUser", user); request.getRequestDispatcher("authorization.jsp").forward(request, response); response.setStatus(HttpServletResponse.SC_OK); } else { request.setAttribute("errorMessage", "Email or password is incorrect"); request.getRequestDispatcher("index.jsp").forward(request, response); response.setStatus(HttpServletResponse.SC_OK); } } } @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{ response.setContentType("text/html; charset=utf-8"); response.setStatus(HttpServletResponse.SC_NOT_FOUND); } }

When authorizing go to the page "authorization.jsp"

 <body> <% if (request.getSession().getAttribute("loggedUser") != null){ UserDataSet user = (UserDataSet) request.getSession().getAttribute("loggedUser"); System.out.println("In author :" + request.getSession().getAttribute("loggedUser")); %> <h1> Hello <%= user.getFirstName() %> <%= user.getLastName() %>!</h1> <h2>AUTORIZED!</h2> <a href="/authorization_logout">Log Out</a> <% } else { %> <h1>IDI DOMOI</h1> <% } %> </body>

The browser goes to this page and displays the specified data.

BUT, if the pens in the URL bar go to localhost: 8080 then immediately try to go to "authorization.jsp"

the filter will turn on

 @WebFilter(filterName = "LoginFilter") public class LoginFilter implements Filter { public void destroy() { } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException { HttpServletRequest httpRequest = (HttpServletRequest) req; HttpServletResponse httpResponse = (HttpServletResponse) resp; System.out.println("Enter filter"); System.out.println("Filter session: " + httpRequest.getSession(false).getAttribute("loggedUser")); UserDataSet user = (UserDataSet) httpRequest.getSession(false).getAttribute("loggedUser"); if (user != null) { System.out.println("CHAIN"); chain.doFilter(req, resp); } else { httpResponse.sendRedirect("/"); System.out.println("Not signin"); } } public void init(FilterConfig config) throws ServletException { } }

then the filter will say that the session does not exist. I do not understand why it is dying ...

Also, if after authorization with pens, go to any page in the .jsp page where the session is checked, then there is no session ...

What am I doing wrong?

  • one
    this if (user != null) completely meaningless condition, you could just as well write if(true) , since the line above you create an object. - Mikhail Vaysman
  • This code was copied by me when the user was obtained from the database =) so yes, I agree. Now I will correct the question - Eugene

1 answer 1

The answer was found in the English "fellow"

in JSP files, you need to check the session not through request - it will not be there, you need to check session.getAttribute(...)

Link to answer