Home/ Questions/Q 1059173
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T18:07:56+00:00

I have a webapp with form-based authentication. On the login page, I have placed

  • 0

I have a webapp with form-based authentication. On the login page, I have placed a link to a public registration form. The registration adds a user in the database that is used for authentication.

Now, is is possible to do an automatic login as the new user after the registration is complete, without returning to the login page?

UPDATE

More info, as requested:

DataSource in $CATALINA_BASE/conf/server.xml:

...
    <GlobalNamingResources>
...
        <Resource auth="Container" type="javax.sql.DataSource" name="jdbc/gporder"
                  driverClassName="com.mysql.jdbc.Driver"
                  url="jdbc:mysql://localhost/gporder"
                  maxActive="100" maxIdle="30" maxWait="10000"
                  username="xxx" password="yyy"/>
...
    </GlobalNamingResources>
...

Resource links and realm in $MYWAR/META-INF/context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/gporder">
    <ResourceLink global="jdbc/gporder" name="jdbc/gporder"
            type="javax.sql.DataSource"/>
    <Realm className="org.apache.catalina.realm.DataSourceRealm" 
            dataSourceName="jdbc/gporder" debug="99" localDataSource="true"
            digest="MD5" roleNameCol="role" userCredCol="password_hash"
            userNameCol="username" userRoleTable="rolemap" userTable="users"/>
</Context>

What else? there is a JSP with the HTML registration form, and a servlet that handles the POST when the form is submitted. They are both too long to be pasted here, but the servlet builds a new user and save it in the database (via hibernate).

After that, a redirect is done on an initial page, which causes tomcat to redirect to the login page instead. So my question is: is there a way to use the username and password entered in the registration form to force a login, and avoid further redirects on the login page?

I would like to avoid relying on tomcat’s internal classes.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here is a possible solution: the registration must be included in the login procedure.

    A link to the registration form is included in the login form, tough the two forms could also share the same page. Here is the code for login.jsp:

    <%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Authentication</title>
    </head>
    <body>
        <h1>Authentication</h1>
        <p>Please enter your username and password below, then click on the
            'Login' button</p>
        <form action="j_security_check" method="POST">
            <dl>
                <dt><label for="j_username">Username: </label></dt>
                <dd><input type="text" id="j_username" name="j_username"></dd>
                <dt><label for="j_password">Password: </label></dt>
                <dd><input type="password" id="j_password" name="j_password"></dd>
                <dd><input type="submit" name="login" value="Login"></dd>
            </dl>
        </form>
        <p>If you don't own an account yet, and would like to register,
            <a href="register.jsp">please click here</a></p>
    </body>
</html>

    Here is the registration form, register.jsp:

    <%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Registration</title>
    </head>
    <body>
        <h1>Registration</h1>
        <p>Please fill in the form below, then click on the 'Register'
            button</p>
        <form action="register" method="post">
            <dl>
                <dt><label for="username">Username: </label></dt>
                <dd><input type="text" id="username" name="username"></dd>
                <dt><label for="password">Password: </label></dt>
                <dd><input type="password" id="password" name="password"></dd>
                <dt><label for="password">Verification: </label></dt>
                <dd><input type="password" id="verification" name="verification"></dd>
                <dt><label for="firstname">First name: </label></dt>
                <dd><input type="text" id="firstname" name="firstname"></dd>
                <dt><label for="lastname">Last name: </label></dt>
                <dd><input type="text" id="lastname" name="lastname"></dd>
                <dt><label for="email">E-mail address: </label></dt>
                <dd><input type="text" id="email" name="email"></dd>
                <dd><input type="submit" name="register" value="Register"></dd>
            </dl>
        </form>
    </body>
</html>

    Upon submission, the registration fields are posted to a servlet that create a new user in the database, and then redirect to /j_security_check:

    String username = request.getParameter("username");
String password = request.getParameter("password");
User user = new User();
user.setUsername(username);
user.setPassword(password);
user.setFirstName(request.getParameter("firstname"));
user.setLastName(request.getParameter("lastname"));
user.setEmail(request.getParameter("email"));

// ... register the user, then if everything is OK, do:

String url = request.getContextPath() + "/j_security_check";
response.sendRedirect(url + "?j_username="
        + URLEncoder.encode(username, "UTF-8")
        + "&j_password="
        + URLEncoder.encode(password, "UTF-8"));
    • 0