How to redirect a request for a jsp to a servlet

Here is the scenario:

We have an internal web application that was built whose entry point is a servlet.  Using a  servlet as the entry point has allow us to extract user id credentials from our SSO agent and do a bit more application specific user authentication etc.  After a given user is authenticated the servlet redirects to the initial search page with fields pre-populated with user information etc.

Problem:
We looking for the best way to allow or circumvent when that first search page is book marked and the servlet authentication processing is bypassed. When a user does bookmark that first page then tries to request that 1st page the users info is not populated.  What we need is a best way to redirect the request for the first page to the servlet when the user has bookmarked and requested that initial search page. Any and all suggestions would be most welcome.

This particular Java/J2EE app has been built using JDevelop 10g ADF JSF architecture.


Thanks
West100Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mrcoffee365Commented:
Usually what people do is apply login security to the page for which you want to require login.  Since it's SSO, and I assume that they've logged in somewhere else, it doesn't delay the user very much to go through your SSO login process before getting to the jsp page.
0
West100Author Commented:
The app is already SSO enabled meaning users are required to login.  There is more specific user information pulled out of backend tables using the userid.  All of that is done in the servlet  via "request.getRemoteUser()".

What we need is a way to redirect a request for that initial search page that requires user information to the servlet to get the remoteuser from the SSO header if it exists if the request is coming from that page being book marked .....
0
mrcoffee365Commented:
As I said, the way this is usually done is to put login security on the page where you want SSO to be required.   That is generally exactly the case for SSO -- the user has logged in somewhere else, but not in this web context.  So the internal login for this web context establishes whatever information about the user which is wanted for the user session, and redirects to the desired page after that is done.  Or,alternatively, sending the user to a login screen, because it has realized that the user is not currently logged in.

Your question sounded like you wanted the first time the user came to your webapp -- i.e., if the user did not have a session with the important information in it -- you wanted the user  to be redirected to the internal SSO login so that info could be recorded after which the user would be redirected to the specific page.  Perhaps it wasn't clear that what I meant by "internal SSO login" was not that the user would be passed to an actual login page, but that the web server would run the unseen-by-the-user SSO login, which would set the information you're interested in, then redirect the user to the requested page.

However, if you have reasons not to do what most people do, which is quite possible, then the answer is that nothing in the servlet engine already does that (besides the login protection process).

In that case, you have to write the code to do what you want yourself and either add it directly to the page in question (all the pages in question), or add a filter to the servlet engine to check and possibly execute your internal info gathering on every user request to the servlet engine, which is usually done with a Filter.  The latter is very similar to what the login security process does, but it's more work, hence my first answer.

If you want to execute code on every servlet request, then it might work for you to add a Filter to your servlet engine.
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

mccarlIT Business Systems Analyst / Software DeveloperCommented:
Just to add (clarify) a little bit to @mrcoffee365's extensive post, I agree that a javax.servlet.Filter is the correct way to go, rather than relying on a correct initial call to a servlet to setup the user details correctly. But the main point to make, is that even though they are generally referred to as servlet filters, that the can be configured to be called before JSP requests just the same as Servlet requests. It all just depends on the <filter-mapping>'s <url-pattern> value in web.xml; if that url-pattern matches a request for a servlet, then calls to that servlet will have the filter applied, however if the url-pattern matches a request for a jsp page, then calls to that jsp page will have the filter applied.

By the sounds of things, you should probably move your logic from the servlet to a filter that gets applied to ALL jsp pages (or at least ones that require these extra user details that you gather). Also, I assume that the servlet gets these extra details and then stores them in the user's session so that they can be retrieved by the jsp page after being redirected? If so, the logic that you would follow with the filter (since the filter will get applied to every request for that or other jsp pages), is that you just check if the session has had the details populated and then only if they aren't, you make your DB calls to retrieve them.

Also, just in case you have come across filters before (I don't want to be telling stuff you already know, but just in case..), despite the name, a filter doesn't necessarily have to act like a traditional filter, ie. let some requests through and block others. In Java servlet terms, a filter is just a hook that can do some sort of processing of a request before the real processing happens, and also they can postprocess the response after the real response has been generated (with some exceptions).
0
West100Author Commented:
I've requested that this question be deleted for the following reason:

No valid answer given in a timely manner
0
mrcoffee365Commented:
We answered the question, correctly and extensively.  Sometimes "it doesn't do that" is the right answer.  We went further and gave information for ways to get the functionality in other ways.  Award points to both experts:

mrcoffee365: http://www.experts-exchange.com/Programming/Languages/Java/J2EE/JSP/Q_28260047.html#a39553977

mccarl: http://www.experts-exchange.com/Programming/Languages/Java/J2EE/JSP/Q_28260047.html#a39554584
0
mccarlIT Business Systems Analyst / Software DeveloperCommented:
I agree with mrcoffee365's post above.

And I'll also add that I think it is quite rude to attempt to delete the question and post the reason that you did, when to have not provided any response to the last two comments that we had posted.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
West100Author Commented:
Your both correct .... My mistake .... I did not realize to what question that brief comment was going to. No excuse just in a rush. Sorry about that. It has been quite awhile for this question and I believe we did end up with a solution that address our issue with your comments in mind.
0
West100Author Commented:
Thanks for your patience.
0
mccarlIT Business Systems Analyst / Software DeveloperCommented:
I did not realize to what question that brief comment was going to. No excuse just in a rush. Sorry about that
No worries, thanks for explaining. And I take back my comment about being rude then, I know that these things happen sometimes. Thanks for accepting the answers. :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JSP

From novice to tech pro — start learning today.