In my test application, filter authentication is configured. When you first start the program, you need to enter twice the login and password, because the first time it cannot authorize, it displays an error about incorrect login / password. Here is my post method from AuthServlet:

  @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String login = req.getParameter("login"); String password = req.getParameter("password"); if (login.equals("admin") && password.equals("admin")) { HttpSession admSession = req.getSession(); admSession.setAttribute("login", "admin"); req.setAttribute("role", Role.ADMIN); resp.sendRedirect(String.format("%s/users", req.getContextPath())); } else { if (ValidateService.getInstance().isValidLogPass(login, password)) { HttpSession session = req.getSession(); session.setAttribute("login", login); User user = DBStore.getInstance().findByLogin(login); session.setAttribute("role", user.getRole()); session.setAttribute("user", user); resp.sendRedirect(String.format("%s/users", req.getContextPath())); } else { req.setAttribute("error", "Invalid credentials"); doGet(req, resp); } } }
  • What login and password do you enter? - Roman C
  • If I enter admin / admin then I go in the first time, but I need to refresh the page to see the list of users (by task, after authorization, I get to the page with the table of users). And if you enter a username and password from existing users in the database, you must enter it twice, because from the first time it says that the data is incorrect. - Dmitry
  • Can you display a list of users without authorization? - Roman C
  • No, for any operation, you must first log in. Redirect to the login page when trying to get to another place. - Dmitry

0