Home/ Questions/Q 544709
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T10:41:03+00:00

I am a newbie servlet programmer. I am trying to do this right. I

  • 0

I am a newbie servlet programmer. I am trying to do this right.

I wrote a filter to intercept a servlet request and check if the URL needs the user to be logged in. If so the user gets directed to the login page. This is working. But then I want to redirect the user back the page he wanted to go to in the first place. What is the correct way to keep this state? Do I just store the URL in a data structure indexed using the session id from the cookie?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I wrote a filter to intercept a servlet request and check if the URL needs the user to be logged in.

    This doesn’t seem to sound right. You should rather map the Filter on the same url-pattern of the Servlet, or better yet, on the servlet-name of the Servlet. This way the Filter is only invoked whenever the Servlet is called.

    Back to your actual problem: when the user is not logged in, you have two options:

    1. Store the URL in session:

      if (session.getAttribute("user") == null) {
    session.setAttribute("back", httpRequest.getRequestURI());
    httpRequest.sendRedirect("login");
} else {
    chain.doFilter(request, response);
}

      which you use on login:

      User user = userDAO.find(username, password);
if (user != null) {
    session.setAttribute("user", user);
    String back = (String) session.getAttribute("back");
    if (back != null) {
        session.removeAttribute("back");
        response.sendRedirect(back);
    } else {
        response.sendRedirect("home"); // Home page?
    }
} else {
    // Show error?
    request.setAttribute("message", "Unknown user, please retry");
    request.getRequestDispatcher("login").forward(request, response);
}

    2. Pass the URL as request parameter:

      if (session.getAttribute("user") == null) {
    httpRequest.sendRedirect("login?back=" + httpRequest.getRequestURI());
} else {
    chain.doFilter(request, response);
}

      which you pass through to subsequent request as hidden input field:

      <input type="hidden" name="back" value="${param.back}">

      which you use on login:

      User user = userDAO.find(username, password);
if (user != null) {
    session.setAttribute("user", user);
    String back = request.getParameter("back");
    if (back != null) {
        response.sendRedirect(back);
    } else {
        response.sendRedirect("home"); // Home page?
    }
} else {
    // Show error?
    request.setAttribute("message", "Unknown user, please retry");
    request.getRequestDispatcher("login").forward(request, response);
}

    URL encoding as some suggest is not needed as the getRequestURI() won’t be decoded.

    • 0