
    Autologin Form Based Authentication with Cookie

    srockny05

      Has anybody been able to get an autologin feature to work? On the surface this seems like such a simple issue, but I cannot find the answer anywhere.

      I have FORM based authentication configured with a login page. There are a few problems when I try to auto login with a cookie.

      First, I can only supply the j_username and j_password fields in the form that posts to j_security_check. If I include any other fields (such as a "remember me" checkbox for autologin), they are lost.

      Secondly, if I set the autologin cookie somewhere else and the user later wanders back to the site, I want to log them in automatically. I can create a LoginContext, log them in, obtain a Principal object and so on, but Tomcat still considers the user unauthenticated when they request a protected page, because I did not go through its authenticator.

      What is the correct way of doing this? I was thinking of using JavaScript to submit the login form automatically when the cookie is present.


      Thanks for any help!

        • 1. Re: Autologin Form Based Authentication with Cookie
          kevin7010

          I use this to auto-login a user the first time they register... I don't know if this helps.

          import java.io.IOException;
          import java.net.URI;
          import java.util.Iterator;
          
          import javax.servlet.Filter;
          import javax.servlet.FilterChain;
          import javax.servlet.FilterConfig;
          import javax.servlet.ServletException;
          import javax.servlet.ServletRequest;
          import javax.servlet.ServletResponse;
          import javax.servlet.http.HttpServletRequest;
          import javax.servlet.http.HttpServletResponse;
          import javax.servlet.http.HttpSession;
          
          import org.apache.commons.httpclient.Cookie;
          import org.apache.commons.httpclient.Header;
          import org.apache.commons.httpclient.HttpClient;
          import org.apache.commons.httpclient.HttpException;
          import org.apache.commons.httpclient.HttpMethod;
          import org.apache.commons.httpclient.HttpState;
          import org.apache.commons.httpclient.HttpStatus;
          import org.apache.commons.httpclient.methods.GetMethod;
          import org.apache.commons.httpclient.methods.PostMethod;
          import org.apache.log4j.Logger;
          
          
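          /**
           * Server-side "auto login" against the container's FORM authenticator.
           *
           * An earlier step (the poster uses it right after registration) stores the new
           * user's credentials in the HttpSession under the attributes "username" and
           * "password". When the browser then requests a URL under /autologin/*, this filter:
           *
           *   1. GETs a protected URL while presenting the browser's own JSESSIONID, so the
           *      container records a pending login for that session (this mirrors the
           *      original two-request flow; presumably the authenticator needs that saved
           *      request before it accepts j_security_check - confirm for your container),
           *   2. POSTs j_username / j_password to j_security_check with the same cookie,
           *   3. follows the redirect the authenticator answers with, as a browser would,
           *      so the container can finish registering the principal on the session,
           *   4. redirects the browser to "/secure" inside this web application.
           *
           * Init-params (all optional): "protectUrl" and "jsecurityUrl" are the absolute
           * URLs used in steps 1 and 2 (the defaults are the placeholders from the original
           * posting and must be overridden); "cookieDomain" is the domain the replayed
           * JSESSIONID cookie is scoped to (defaults to the incoming request's server name).
           *
           * Security notes:
           *  - Credentials travel in a POST body, not in a query string, so they stay out of
           *    access logs, proxy logs and browser history.
           *  - Neither the password nor the session id is ever written to the log.
           *  - With plain http:// URLs the credentials and the session id cross the wire in
           *    clear text between this server and the container; use https:// or loopback.
           *  - Holding a plaintext password in the HttpSession is itself a liability; the
           *    code that writes that attribute should remove it once this login has run.
           *
           * @web.filter name="autoLoginFilter" display-name="Auto Login Filter"
           * @web.filter-mapping url-pattern="/autologin/*"
           */
          public class AutoLoginFilter implements Filter {

              private static final String PARAM_PROTECT_URL = "protectUrl";
              private static final String PARAM_JSECURITY_URL = "jsecurityUrl";
              private static final String PARAM_COOKIE_DOMAIN = "cookieDomain";

              /** Session attributes written by the registration step and consumed here. */
              private static final String ATTR_USERNAME = "username";
              private static final String ATTR_PASSWORD = "password";

              private static final Logger log = Logger.getLogger(AutoLoginFilter.class);

              // Placeholders kept from the original posting; real values come from init-params.
              private String protectUrl = "http://~";
              private String jsecurityUrl = "http://~";
              // null means "use the incoming request's server name".
              private String cookieDomain = null;

              private FilterConfig filterConfig;

              /**
               * Attempts the server-side login for the current session, then always redirects
               * the browser to "/secure". The chain is intentionally not continued: this
               * filter is the endpoint for /autologin/*, and when the replay fails the
               * container simply challenges the user in the normal way at "/secure".
               *
               * @param request  the HTTP request (cast to HttpServletRequest, as before)
               * @param response the HTTP response that receives the redirect
               * @param chain    unused
               */
              public void doFilter(ServletRequest request, ServletResponse response,
                                   FilterChain chain) {
                  log.debug("Called doFilter");

                  HttpServletRequest httpRequest = (HttpServletRequest) request;
                  HttpServletResponse httpResponse = (HttpServletResponse) response;

                  try {
                      // Do not create a session here: without one there are no stored
                      // credentials to replay, and creating sessions for arbitrary hits is
                      // a cheap resource-exhaustion vector.
                      HttpSession session = httpRequest.getSession(false);
                      String username = null;
                      String password = null;
                      if (session != null) {
                          username = (String) session.getAttribute(ATTR_USERNAME);
                          password = (String) session.getAttribute(ATTR_PASSWORD);
                      }

                      if (session == null || username == null || password == null) {
                          log.debug("Autologin skipped: no credentials in session");
                      } else {
                          // Only the username is logged; the password never is.
                          log.debug("Autologin: " + username);
                          replayLogin(httpRequest, session, username, password);
                      }
                  } finally {
                      // Always answer the browser; otherwise a failure during the replay
                      // would leave the request without any response at all.
                      try {
                          httpResponse.sendRedirect(httpRequest.getContextPath() + "/secure");
                      } catch (IOException io) {
                          log.error("IOException:" + io.toString(), io);
                      }
                  }
              }

              /**
               * Drives the container's FORM login for {@code session} from the server side.
               * Failures are logged rather than thrown: autologin is best effort and the
               * caller redirects the browser regardless.
               */
              private void replayLogin(HttpServletRequest httpRequest, HttpSession session,
                                       String username, String password) {
                  HttpClient client = new HttpClient();
                  HttpState state = new HttpState();
                  String domain = cookieDomain != null ? cookieDomain : httpRequest.getServerName();
                  // Present the browser's own session so the login lands on that session.
                  // The cookie is deliberately not logged: its value is the session id.
                  Cookie sessionCookie = new Cookie(domain, "JSESSIONID", session.getId());
                  sessionCookie.setPath("/");
                  state.addCookie(sessionCookie);
                  client.setState(state);

                  // Step 1: prime the session with a saved request. GetMethod follows the
                  // redirect to the login page by itself, so 200 is the expected outcome.
                  HttpMethod protect = new GetMethod(protectUrl);
                  try {
                      int status = execute(client, protect, "protected URL");
                      if (status < 0) {
                          return; // transport failure: the login POST would fail the same way
                      }
                      if (status != HttpStatus.SC_OK) {
                          log.error("Method failed: " + protect.getStatusLine());
                      }
                  } finally {
                      protect.releaseConnection();
                  }

                  // Step 2: the credentials go in the POST body, never in the URL.
                  PostMethod login = new PostMethod(jsecurityUrl);
                  login.addParameter("j_username", username);
                  login.addParameter("j_password", password);
                  String next = null;
                  try {
                      int status = execute(client, login, "j_security_check");
                      log.debug("Autologin Status Code: " + status);
                      if (isRedirect(status)) {
                          Header location = login.getResponseHeader("Location");
                          next = location == null ? null : location.getValue();
                      }
                      // The response body is intentionally not logged, even for debugging.
                  } finally {
                      login.releaseConnection();
                  }

                  // Step 3: follow the authenticator's redirect like a browser would.
                  // PostMethod does not follow redirects on its own, whereas the GET used
                  // before did; the container may only register the principal on the
                  // session once the saved request is re-requested.
                  if (next != null) {
                      String target;
                      try {
                          // Location should be absolute, but resolve defensively against the
                          // login URL in case the container emitted a relative one.
                          target = URI.create(jsecurityUrl).resolve(next).toString();
                      } catch (IllegalArgumentException bad) {
                          log.error("Unusable post-login redirect target", bad);
                          return;
                      }
                      HttpMethod follow = new GetMethod(target);
                      try {
                          int status = execute(client, follow, "post-login redirect");
                          if (status >= 0 && status != HttpStatus.SC_OK) {
                              log.warn("Post-login redirect answered: " + follow.getStatusLine());
                          }
                      } finally {
                          follow.releaseConnection();
                      }
                  }
              }

              /**
               * Executes one request and logs protocol/transport failures with their cause.
               *
               * @return the HTTP status, or -1 when the request could not be executed
               */
              private static int execute(HttpClient client, HttpMethod method, String what) {
                  try {
                      return client.executeMethod(method);
                  } catch (HttpException e) {
                      log.error("Fatal protocol violation (" + what + "): " + e.getMessage(), e);
                  } catch (IOException e) {
                      log.error("Fatal transport error (" + what + "): " + e.getMessage(), e);
                  }
                  return -1;
              }

              /** True for the 3xx codes an authenticator may answer j_security_check with. */
              private static boolean isRedirect(int status) {
                  return status == HttpStatus.SC_MOVED_TEMPORARILY
                          || status == HttpStatus.SC_MOVED_PERMANENTLY
                          || status == HttpStatus.SC_SEE_OTHER
                          || status == HttpStatus.SC_TEMPORARY_REDIRECT;
              }

              public FilterConfig getFilterConfig() {
                  return this.filterConfig;
              }

              public void setFilterConfig(FilterConfig filterConfig) {
                  this.filterConfig = filterConfig;
              }

              public void destroy() {
              }

              /**
               * Stores the config and reads the optional init-params; missing or blank
               * values keep the field defaults.
               */
              public void init(FilterConfig config) throws ServletException {
                  this.filterConfig = config;
                  if (config == null) {
                      return;
                  }
                  protectUrl = initParam(config, PARAM_PROTECT_URL, protectUrl);
                  jsecurityUrl = initParam(config, PARAM_JSECURITY_URL, jsecurityUrl);
                  cookieDomain = initParam(config, PARAM_COOKIE_DOMAIN, cookieDomain);
              }

              /** Returns the trimmed init-param, or {@code fallback} when absent or blank. */
              private static String initParam(FilterConfig config, String name, String fallback) {
                  String value = config.getInitParameter(name);
                  if (value == null || value.trim().length() == 0) {
                      return fallback;
                  }
                  return value.trim();
              }

          }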