JavaBean - Http session change attributes

Question

fpsasm 0 Posting Whiz in Training

12 Years Ago

Hello All,

I have been developing a website that has a secure area. At the beginning of the secure page I wrote a scriptlet to check whether the user is logged in. I want to take this scriplet and put it in a javabean. Could any of you guys suggest a way of doing this?

        String clientIP     =   request.getRemoteAddr(); //get remote address
        String clientHost   =   request.getRemoteHost(); //get client host

        int hashVal     =   (request.getRemoteAddr() + request.getRemoteHost()).hashCode(); //create hash

        if(session.getAttribute("hsh")  !=  null){       //hash was not created for this session..
            if(Integer.parseInt(session.getAttribute("hsh").toString()) != hashVal){    //hashes should be the same

                response.sendRedirect("./login_page.jsp?error=2");       //the hashes dont match up (not the same user)
            } else {
            }
        } else {
            response.sendRedirect("./login_page.jsp?error=1");
        }

http-protocol java session

1 Contributor
1 Reply
266 Views
20 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by fpsasm

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

fpsasm 0 Posting Whiz in Training · Answer 1 · 2012-08-17T09:09:19+00:00

Figured it out.

HTML File

Best way is to pass request and response to a javabean like this:

<jsp:useBean id="LoginChecker" class="usr.LoggedSession" scope="session"/>

<html>
<%
     LoginChecker.service(request, response)
     .....

Java Bean

Once you have this, you can then create the bean which looks like this:

package usr;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class LoggedSession {
    public void service (HttpServletRequest request, HttpServletResponse response) throws IOException{
        HttpSession session =   request.getSession();  //session needed for attributes

        //need to generate a hash parameter of the currrent request to compare to
        //the stored 'hsh' attribute. (prevent hijacking)
        int hashVal =   (request.getRemoteAddr() + request.getRemoteHost()).hashCode();

        //if no attribute is present..
        if(session.getAttribute("hsh")  !=  null){

            //if attribute does not match generated hash value..
            if(Integer.parseInt(session.getAttribute("hsh").toString()) != hashVal){
                //something is wrong..
                response.sendRedirect("./login_page.jsp?error=2");
            } else {
                //do nothing at the moment..
            }
        } else {
            //not logged in..
            response.sendRedirect("./login_page.jsp?error=1");
        }
    }
}

Not sure this is the best way though, but it works.