Logout user to external Jsp in application's init() method

Hi

I have a requirement to check if the user is logged in when my application starts. So in the init method of my application class I check if the user is logged in; if not, I have to redirect the user to login.jsp, which is also configured in the same web.xml. My login.jsp has a context path starting with /login. My Vaadin application has the context path /hcmu. I also have a logout button which, when clicked, logs the user out and redirects the user to the login page, i.e. the /login context path. But when I check for the user in the session in my application's init method and call application.close(), the context path does not change. Why is this happening? Please find below the code for my web.xml and my view's navigate method, where I check for the logged-in user.


	<servlet>
		<servlet-name>HCMU Application</servlet-name>
		<servlet-class>
			com.vaadin.terminal.gwt.server.ApplicationServlet
		</servlet-class>
		<init-param>
			<description>Vaadin application class to start</description>
			<param-name>application</param-name>
			<param-value>
				com.logica.medi.hcmu.webapp.HCMUApplication
			</param-value>
		</init-param>
		<init-param>
			<description>Application widgetset</description>
			<param-name>widgetset</param-name>
			<param-value>com.logica.medi.hcmu.webapp.widgetset.HcmuipadWidgetset
			</param-value>
		</init-param>
	</servlet>

	<servlet-mapping>
		<servlet-name>HCMU Application</servlet-name>
		<url-pattern>/hcmu/*</url-pattern>
	</servlet-mapping>

	<servlet>
		<servlet-name>Login</servlet-name>
		<jsp-file>/login.jsp</jsp-file>
	</servlet>

	<servlet-mapping>
		<servlet-name>Login</servlet-name>
		<url-pattern>/login</url-pattern>
	</servlet-mapping>

My logout button click listener code


	if (applicationMenuItems[0].equals(selectedItem.getText())) {
		BaseApplication.getInstance().logoutUser();
	}

My Base application code


	public boolean isUserAuthenticated() {
		WebApplicationContext ctx = ((WebApplicationContext) getContext());
		HttpSession session = ctx.getHttpSession();
		User loggedInUser = (User) session.getAttribute("LoggedInUser");
		return null != loggedInUser;
	}

	public void logoutUser() {
		System.out.println("LogoutURL : "
				+ BaseApplication.getInstance().getLogoutURL());
		WebApplicationContext ctx = ((WebApplicationContext) getContext());
		HttpSession session = ctx.getHttpSession();
		BaseApplication.getInstance().close();
	}

My view's navigate method to check for logged in user


	public void navigate(final NavigationParameters params) {
		if (!application.isUserAuthenticated()) {
			application.logoutUser();
			return;
		}
	}

Why is it that the same code redirects the user to /login on button click, whereas from my navigate method the context path does not change from /hcmu to /login?
I also initialized the logout URL.

protected static final String HCMU_LOGOUT_URL = "/../login/*";

setLogoutURL(HCMU_LOGOUT_URL);

It is usually the responsibility of the SAM (Server Authentication Module) to redirect a browser request to the login screen. From your description and code sample I assume you are NOT using a SAM + Login Module but doing a custom implementation for login. I would suggest you extend ApplicationServlet and override the service method.


    @Override
    protected final void service(final HttpServletRequest req, final HttpServletResponse res) throws ServletException, java.io.IOException {
        final Principal user = req.getUserPrincipal();
        if (user == null) {
            // Not authenticated: redirect to the login page (mapped to /login in the web.xml above)
            res.sendRedirect(req.getContextPath() + "/login");
        } else {
            super.service(req, res);
        }
    }

The code sample above assumes you actually configure the authenticated principal properly (usually done for you by the SAM + Login Module). If you don't, you have to put something in the session; then you should rather check for an existing session + some session variable, and if either is missing redirect to your login screen…

Thanks Petrus Viljoen

Your solution works fine. But then I could not understand why we cannot redirect to the login page from the application's init method? Is it something forbidden?

I suspect by the time init() is called the Servlet has sent quite a bit of data to the browser. Typically you cannot do a redirect after you have already sent data over the connection.

BTW, if you do authentication with the application container supplied mechanisms you don't need to do your own redirects; the container will do the redirects for you even before a request gets to your application. Most application containers supply some form of form-based authentication (you configure the login page + authentication failure page) and the application container will do the rest (sort of :) )
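
The session-variable variant suggested in the answer above, written out as an added example (not code from the thread or from Vaadin). The class name and package are hypothetical; the `LoggedInUser` attribute and the `/login` mapping are the ones shown in the question, and the Vaadin 6 `ApplicationServlet` from the posted web.xml is assumed.

```java
package com.example.hcmu; // hypothetical package

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.vaadin.terminal.gwt.server.ApplicationServlet;

/** Hypothetical servlet that gates every request on the session login marker. */
public class AuthenticatedApplicationServlet extends ApplicationServlet {

    private static final long serialVersionUID = 1L;

    // Session attribute read by isUserAuthenticated() in the question.
    private static final String USER_ATTRIBUTE = "LoggedInUser";
    // Login servlet mapping from the web.xml in the question.
    private static final String LOGIN_PATH = "/login";

    @Override
    protected void service(final HttpServletRequest req, final HttpServletResponse res)
            throws ServletException, IOException {
        if (isAuthenticated(req)) {
            // Only authenticated requests ever reach the Vaadin application.
            super.service(req, res);
            return;
        }
        // Nothing has been written to the response yet, so a redirect is
        // still possible here (unlike later, once output has been sent).
        res.setHeader("Cache-Control", "no-store");
        res.sendRedirect(req.getContextPath() + LOGIN_PATH);
    }

    /** True only if a session already exists and carries the login marker. */
    static boolean isAuthenticated(final HttpServletRequest req) {
        // getSession(false): do not create a session for an anonymous visitor.
        final HttpSession session = req.getSession(false);
        return session != null && session.getAttribute(USER_ATTRIBUTE) != null;
    }
}
```

To use it, the `<servlet-class>` of the `HCMU Application` servlet in web.xml would name this class instead of `ApplicationServlet`, so the check runs on every request under `/hcmu/*` rather than once in `init()`.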