In this article I am going to show you how to prevent user going back to the login page if a user is already logged in or redirect a user to the login page if the user is not already logged in.
When browser caches the resources then clicking on the browser’s back button will take a user to the login page again and it gives bad experience to the users.
Even if the user presses the browser’s back button it will take him/her to the login page if the user is not already logged in otherwise it will take the user to the logged in home page or dashboard page.
Prerequisites
Knowledge of web application, Java, Servlet
So here I am going to give you the code snippets to prevent it and for this I am going to write a servlet filter.
Related Posts:
- Username availability check using JSP and Servlet
- Login and Logout with Remember Me using Servlet and JSP
Servlet Filter
I am going to write the below servlet filter class to prevent user going back to the login page.
package com.roytuts.servlet.filter;
public class AuthFilter implements Filter {
public AuthFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession();
Login login = null;
if (session != null) {
login = (Login) session.getAttribute("Login");
}
boolean isLoggedIn = (login != null);
// Check if the user is accessing login page
if (req.getRequestURI().equals(
req.getContextPath() + "/pages/login.jsp")) {
if (isLoggedIn) {
// Redirect to landing or home page
HttpServletResponse res = (HttpServletResponse) response;
res.sendRedirect(req.getContextPath()
+ "/pages/home.jsp");
} else {
// Otherwise, nothing to do if he has not logged in
// pass the request along the filter chain
chain.doFilter(request, response);
}
} else {
// For all other pages,
if (isLoggedIn) {
// Nothing to do
chain.doFilter(request, response);
} else {
// Redirect to login page if he has not logged in
HttpServletResponse res = (HttpServletResponse) response;
res.sendRedirect(req.getContextPath() + "/pages/login.jsp");
}
}
}
public void init(FilterConfig fConfig) throws ServletException {
}
}
In the above Servlet Filter I am retrieving a Login object and checking for null and redirecting user to the appropriate page. A Login object is a simple POJO class that holds login information like username, email etc.
Web pages such as login.jsp, home.jsp etc. are kept into webapp/pages/ directory of the web application.
So using Servlet Filter you are easing your checking task to automatically redirect a user to the home page.
Deployment Descriptor – web.xml
I have put the required servlet filter entry into the deployment descriptor file – web.xml. I have also configured URL pattern, session timeout, welcome page for the application.
<?xml versi encoding "UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<filter>
<display-name>AuthFilter</display-name>
<filter-name>AuthFilter</filter-name>
<filter-class>com.roytuts.servlet.filter.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>20</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
If you don’t want to use web.xml you can use annotation on Servlet Filter as shown in the following example.
@WebFilter(filterName="AuthFilter", urlPatterns={"*.jsp"})
public class AuthFilter implements Filter {
//...
}
Thanks for reading.