Servlets: Keeping HTTPRequest between requests

[javerd]

How can I keep a copy of the HTTPRequest between two calls to a servlet?
I'm using Weblogic AS 6 and the container reuse the instance of the HTTPRequest so I can't keep the request that i need...
I'm doing this because I'm implementing a transparent login method and I want to execute the requests that triggers the login after the login process finish...

Thanks in advice...
Javier Erdozáin
E-Mail: benito5@terra.es

 

[wushutwist]

After a sucessful Login, create a RequestDispatcher and forward() the HttpServletRequest object (along with the Response object) to the desired Servlet/JSP. This will flush the output stream and cause an IllegalStateException if the Response has already been committed. So just make sure you are not writing to the Response in your Login Process (ie no Login Successful Page). Wushutwist

 

[javerd]

But I have the same problem, I have lost the original HTTPRequest with the URL and data... I only have the post of the login request...

The steps I follow are:
1. Original post(the most complicated case...)
2. The user is not logged in...
3. I'll send the login page as response
(I think that I need to save HTTPRequest here...)
4. POST of the login form.
5. If the login check is correct, I can do a forward...

My problem is that I don't know how to make a copy of the first HTTPRequest...

Any suggestion?

thanks again

Javier

 

[wushutwist]

Sorry, I didn't fully understand your question. Well, you could solve your problem by placing the necessary information into a Session object or by populating hidden fields in the Login Page with the information. Wushutwist

 

[javerd]

We want to simulate the login process of an application server like WebLogic.
We tried to put the original HTTPRequest into the Session, but the container reuse the object so the info of the original request is lost when we finnish the login process.
(We don't know how to "copy" the object...)
What we want to program is the same process as a form login auth in Weblogic Enterprise Server, because we need a more detailed control of the process(lock account after n tries, log of bad logins,...), but we want to make it transparent to the application...

any advice?

Thanks for your help...

Javier

 

[wushutwist]

You are not going to be able to copy the actual HttpServletRequest object (remember Java uses references). You will need to get all of the relevant information from the Request object and then store it away. You may need to streamline your design for this to be an effective process. Wushutwist

 

[javerd]

Yes, there is no way to "clone" the implementation of HTTPRequest...

I will try to extract all the info from the original request, and I'm going to create a class that "implements" the HTTPServletRequest(it will only return the data...) so we don't have to change the way we receive request...

The question behind all of that is why the auth mecanism in applications servers is so simple? Why they don't have a way to have more control over the process?
We also found some security issues that I can't understand... for example, when a login attemp fails, you can't control the number of tries...

Thanks you very much for your help, Wushutwist...

Javier