Hello All,

I have been developing a website that has a secure area. At the beginning of the secure page I wrote a scriptlet to check whether the user is logged in. I want to take this scriplet and put it in a javabean. Could any of you guys suggest a way of doing this?

        String clientIP     =   request.getRemoteAddr(); //get remote address
        String clientHost   =   request.getRemoteHost(); //get client host

        int hashVal     =   (request.getRemoteAddr() + request.getRemoteHost()).hashCode(); //create hash

        if(session.getAttribute("hsh")  !=  null){       //hash was not created for this session..
            if(Integer.parseInt(session.getAttribute("hsh").toString()) != hashVal){    //hashes should be the same

                response.sendRedirect("./login_page.jsp?error=2");       //the hashes dont match up (not the same user)
            } else {
        } else {

Figured it out.


Best way is to pass request and response to a javabean like this:

<jsp:useBean id="LoginChecker" class="usr.LoggedSession" scope="session"/>

     LoginChecker.service(request, response)

Java Bean

Once you have this, you can then create the bean which looks like this:

package usr;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class LoggedSession {
    public void service (HttpServletRequest request, HttpServletResponse response) throws IOException{
        HttpSession session =   request.getSession();  //session needed for attributes

        //need to generate a hash parameter of the currrent request to compare to
        //the stored 'hsh' attribute. (prevent hijacking)
        int hashVal =   (request.getRemoteAddr() + request.getRemoteHost()).hashCode();

        //if no attribute is present..
        if(session.getAttribute("hsh")  !=  null){

            //if attribute does not match generated hash value..
            if(Integer.parseInt(session.getAttribute("hsh").toString()) != hashVal){
                //something is wrong..
            } else {
                //do nothing at the moment..
        } else {
            //not logged in..

Not sure this is the best way though, but it works.

This question has already been answered. Start a new discussion instead.