How to redirect to main page when user re-login using Apache Shiro and JSP









up vote
0
down vote

favorite












I am new to Apache Shiro and JSP. Right now, I am able to login using Shiro. However, if a user is logged in and the user key in the login page on URL directly like localhost/testing/login.jsp, the system will redirect the user to the login page, so the user continue to key in username and password then the user will stuck there forever eventhough the username and password is correct. In my shiro.ini, I put authc.successUrl = /index.jsp, it is working for the first login but if the scenerio that I just mentioned and it is not going to redirect.



Here is the login form 



<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html> 
<head>
<title>Login Page</title>
</head>
<body>
<section id="login">
<form name="loginform" action="" method="POST" accept-charset="UTF-8">
 <div>
 <input type="text" id="username" name="username">
 <label for="username">Username</label>
 </div>
 <div>
 <input type="password" id="password" name="password">
 <label for="password">Password</label>
 </div>
 <div>
 <input type="submit" value="Login">
 <input type="checkbox" id="rememberMe" name="rememberMe">
 <label for="rememberMe">rememberMe</label>
 </div>
 </form>
</section>
</body>
</html>


Here is my partial shiro.ini file,



authc.loginUrl = /login.jsp
authc.failureKeyAttribute=loginFailure
authc.successUrl = /index.jsp

# name of request parameter with username; if not present filter assumes 'username'
authc.usernameParam = user
# name of request parameter with password; if not present filter assumes 'password'
authc.passwordParam = pass
# does the user wish to be remembered?; if not present filter assumes 'rememberMe'
authc.rememberMeParam = remember





java jsp shiro







share|improve this question























  • What redirects is your browser going through? is it ever going to /index.jsp?
    – Brian Demers
    Nov 9 at 15:42










  • Hi sorry for the very late reply. Actually it does redirect to /index.jsp , just that what if the user manually enter the /login.jsp directly into the URL and enter the password and username again eventhought they are already logged in before they enter to this /login.jsp webpage. My question is, is there anyway to detect the user is already logged in and prevent user to go into login page again.
    – Drew
    Nov 13 at 3:27











  • In that case, does the user get redirected to the /index.jsp? If so is there something on that page that is blocking access? Do you have the ShiroFilter in place for all routes?
    – Brian Demers
    Nov 14 at 15:08










  • Nope, the user still in /login.jsp . So far I did not set up anything about blocking access. I didnt set up any ShiroFilter but I have the basic ShiroFilter with all those include and forwards. I think need to find a way to detect current user session. If th system detected the user has logged in then redirect to index page else approch user to login. Right now, I am thinking of using Servlet to check the user session. But is there other ways to detect without using Servlet ?
    – Drew
    Nov 15 at 7:54










  • Can you put together an example app and stick it on GitHub that can reproduce this issue?
    – Brian Demers
    Nov 16 at 14:55














up vote
0
down vote

favorite












I am new to Apache Shiro and JSP. Right now, I am able to login using Shiro. However, if a user is logged in and the user key in the login page on URL directly like localhost/testing/login.jsp, the system will redirect the user to the login page, so the user continue to key in username and password then the user will stuck there forever eventhough the username and password is correct. In my shiro.ini, I put authc.successUrl = /index.jsp, it is working for the first login but if the scenerio that I just mentioned and it is not going to redirect.



Here is the login form 



<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html> 
<head>
<title>Login Page</title>
</head>
<body>
<section id="login">
<form name="loginform" action="" method="POST" accept-charset="UTF-8">
 <div>
 <input type="text" id="username" name="username">
 <label for="username">Username</label>
 </div>
 <div>
 <input type="password" id="password" name="password">
 <label for="password">Password</label>
 </div>
 <div>
 <input type="submit" value="Login">
 <input type="checkbox" id="rememberMe" name="rememberMe">
 <label for="rememberMe">rememberMe</label>
 </div>
 </form>
</section>
</body>
</html>


Here is my partial shiro.ini file,



authc.loginUrl = /login.jsp
authc.failureKeyAttribute=loginFailure
authc.successUrl = /index.jsp

# name of request parameter with username; if not present filter assumes 'username'
authc.usernameParam = user
# name of request parameter with password; if not present filter assumes 'password'
authc.passwordParam = pass
# does the user wish to be remembered?; if not present filter assumes 'rememberMe'
authc.rememberMeParam = remember





java jsp shiro







share|improve this question























  • What redirects is your browser going through? is it ever going to /index.jsp?
    – Brian Demers
    Nov 9 at 15:42










  • Hi sorry for the very late reply. Actually it does redirect to /index.jsp , just that what if the user manually enter the /login.jsp directly into the URL and enter the password and username again eventhought they are already logged in before they enter to this /login.jsp webpage. My question is, is there anyway to detect the user is already logged in and prevent user to go into login page again.
    – Drew
    Nov 13 at 3:27











  • In that case, does the user get redirected to the /index.jsp? If so is there something on that page that is blocking access? Do you have the ShiroFilter in place for all routes?
    – Brian Demers
    Nov 14 at 15:08










  • Nope, the user still in /login.jsp . So far I did not set up anything about blocking access. I didnt set up any ShiroFilter but I have the basic ShiroFilter with all those include and forwards. I think need to find a way to detect current user session. If th system detected the user has logged in then redirect to index page else approch user to login. Right now, I am thinking of using Servlet to check the user session. But is there other ways to detect without using Servlet ?
    – Drew
    Nov 15 at 7:54










  • Can you put together an example app and stick it on GitHub that can reproduce this issue?
    – Brian Demers
    Nov 16 at 14:55












up vote
0
down vote

favorite









up vote
0
down vote

favorite











I am new to Apache Shiro and JSP. Right now, I am able to login using Shiro. However, if a user is logged in and the user key in the login page on URL directly like localhost/testing/login.jsp, the system will redirect the user to the login page, so the user continue to key in username and password then the user will stuck there forever eventhough the username and password is correct. In my shiro.ini, I put authc.successUrl = /index.jsp, it is working for the first login but if the scenerio that I just mentioned and it is not going to redirect.



Here is the login form 



<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html> 
<head>
<title>Login Page</title>
</head>
<body>
<section id="login">
<form name="loginform" action="" method="POST" accept-charset="UTF-8">
 <div>
 <input type="text" id="username" name="username">
 <label for="username">Username</label>
 </div>
 <div>
 <input type="password" id="password" name="password">
 <label for="password">Password</label>
 </div>
 <div>
 <input type="submit" value="Login">
 <input type="checkbox" id="rememberMe" name="rememberMe">
 <label for="rememberMe">rememberMe</label>
 </div>
 </form>
</section>
</body>
</html>


Here is my partial shiro.ini file,



authc.loginUrl = /login.jsp
authc.failureKeyAttribute=loginFailure
authc.successUrl = /index.jsp

# name of request parameter with username; if not present filter assumes 'username'
authc.usernameParam = user
# name of request parameter with password; if not present filter assumes 'password'
authc.passwordParam = pass
# does the user wish to be remembered?; if not present filter assumes 'rememberMe'
authc.rememberMeParam = remember





java jsp shiro







share|improve this question















I am new to Apache Shiro and JSP. Right now, I am able to login using Shiro. However, if a user is logged in and the user key in the login page on URL directly like localhost/testing/login.jsp, the system will redirect the user to the login page, so the user continue to key in username and password then the user will stuck there forever eventhough the username and password is correct. In my shiro.ini, I put authc.successUrl = /index.jsp, it is working for the first login but if the scenerio that I just mentioned and it is not going to redirect.



Here is the login form 



<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html> 
<head>
<title>Login Page</title>
</head>
<body>
<section id="login">
<form name="loginform" action="" method="POST" accept-charset="UTF-8">
 <div>
 <input type="text" id="username" name="username">
 <label for="username">Username</label>
 </div>
 <div>
 <input type="password" id="password" name="password">
 <label for="password">Password</label>
 </div>
 <div>
 <input type="submit" value="Login">
 <input type="checkbox" id="rememberMe" name="rememberMe">
 <label for="rememberMe">rememberMe</label>
 </div>
 </form>
</section>
</body>
</html>


Here is my partial shiro.ini file,



authc.loginUrl = /login.jsp
authc.failureKeyAttribute=loginFailure
authc.successUrl = /index.jsp

# name of request parameter with username; if not present filter assumes 'username'
authc.usernameParam = user
# name of request parameter with password; if not present filter assumes 'password'
authc.passwordParam = pass
# does the user wish to be remembered?; if not present filter assumes 'rememberMe'
authc.rememberMeParam = remember





java jsp shiro




java jsp shiro






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 9 at 6:15









Do Nhu Vy

16.3k1487127




16.3k1487127










asked Nov 9 at 6:11









Drew

369




369











  • What redirects is your browser going through? is it ever going to /index.jsp?
    – Brian Demers
    Nov 9 at 15:42










  • Hi sorry for the very late reply. Actually it does redirect to /index.jsp , just that what if the user manually enter the /login.jsp directly into the URL and enter the password and username again eventhought they are already logged in before they enter to this /login.jsp webpage. My question is, is there anyway to detect the user is already logged in and prevent user to go into login page again.
    – Drew
    Nov 13 at 3:27











  • In that case, does the user get redirected to the /index.jsp? If so is there something on that page that is blocking access? Do you have the ShiroFilter in place for all routes?
    – Brian Demers
    Nov 14 at 15:08










  • Nope, the user still in /login.jsp . So far I did not set up anything about blocking access. I didnt set up any ShiroFilter but I have the basic ShiroFilter with all those include and forwards. I think need to find a way to detect current user session. If th system detected the user has logged in then redirect to index page else approch user to login. Right now, I am thinking of using Servlet to check the user session. But is there other ways to detect without using Servlet ?
    – Drew
    Nov 15 at 7:54










  • Can you put together an example app and stick it on GitHub that can reproduce this issue?
    – Brian Demers
    Nov 16 at 14:55
















  • What redirects is your browser going through? is it ever going to /index.jsp?
    – Brian Demers
    Nov 9 at 15:42










  • Hi sorry for the very late reply. Actually it does redirect to /index.jsp , just that what if the user manually enter the /login.jsp directly into the URL and enter the password and username again eventhought they are already logged in before they enter to this /login.jsp webpage. My question is, is there anyway to detect the user is already logged in and prevent user to go into login page again.
    – Drew
    Nov 13 at 3:27











  • In that case, does the user get redirected to the /index.jsp? If so is there something on that page that is blocking access? Do you have the ShiroFilter in place for all routes?
    – Brian Demers
    Nov 14 at 15:08










  • Nope, the user still in /login.jsp . So far I did not set up anything about blocking access. I didnt set up any ShiroFilter but I have the basic ShiroFilter with all those include and forwards. I think need to find a way to detect current user session. If th system detected the user has logged in then redirect to index page else approch user to login. Right now, I am thinking of using Servlet to check the user session. But is there other ways to detect without using Servlet ?
    – Drew
    Nov 15 at 7:54










  • Can you put together an example app and stick it on GitHub that can reproduce this issue?
    – Brian Demers
    Nov 16 at 14:55















What redirects is your browser going through? is it ever going to /index.jsp?
– Brian Demers
Nov 9 at 15:42




What redirects is your browser going through? is it ever going to /index.jsp?
– Brian Demers
Nov 9 at 15:42












Hi sorry for the very late reply. Actually it does redirect to /index.jsp , just that what if the user manually enter the /login.jsp directly into the URL and enter the password and username again eventhought they are already logged in before they enter to this /login.jsp webpage. My question is, is there anyway to detect the user is already logged in and prevent user to go into login page again.
– Drew
Nov 13 at 3:27





Hi sorry for the very late reply. Actually it does redirect to /index.jsp , just that what if the user manually enter the /login.jsp directly into the URL and enter the password and username again eventhought they are already logged in before they enter to this /login.jsp webpage. My question is, is there anyway to detect the user is already logged in and prevent user to go into login page again.
– Drew
Nov 13 at 3:27













In that case, does the user get redirected to the /index.jsp? If so is there something on that page that is blocking access? Do you have the ShiroFilter in place for all routes?
– Brian Demers
Nov 14 at 15:08




In that case, does the user get redirected to the /index.jsp? If so is there something on that page that is blocking access? Do you have the ShiroFilter in place for all routes?
– Brian Demers
Nov 14 at 15:08












Nope, the user still in /login.jsp . So far I did not set up anything about blocking access. I didnt set up any ShiroFilter but I have the basic ShiroFilter with all those include and forwards. I think need to find a way to detect current user session. If th system detected the user has logged in then redirect to index page else approch user to login. Right now, I am thinking of using Servlet to check the user session. But is there other ways to detect without using Servlet ?
– Drew
Nov 15 at 7:54




Nope, the user still in /login.jsp . So far I did not set up anything about blocking access. I didnt set up any ShiroFilter but I have the basic ShiroFilter with all those include and forwards. I think need to find a way to detect current user session. If th system detected the user has logged in then redirect to index page else approch user to login. Right now, I am thinking of using Servlet to check the user session. But is there other ways to detect without using Servlet ?
– Drew
Nov 15 at 7:54












Can you put together an example app and stick it on GitHub that can reproduce this issue?
– Brian Demers
Nov 16 at 14:55




Can you put together an example app and stick it on GitHub that can reproduce this issue?
– Brian Demers
Nov 16 at 14:55












1 Answer
1






active

oldest

votes

















up vote
0
down vote



accepted










Just put 



<shiro:authenticated>
<c:redirect url="index.jsp"/>
</shiro:authenticated>


in your login page first few lines of html






share|improve this answer




















  • Hi, your method is working but i found another way to solve it but using servlet to check current user session. For future reference, if using your method then we need to add these 2 libraries <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> . Btw, thank you for providing another method.
    – Drew
    Nov 29 at 17:03










Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53220685%2fhow-to-redirect-to-main-page-when-user-re-login-using-apache-shiro-and-jsp%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
0
down vote



accepted










Just put 



<shiro:authenticated>
<c:redirect url="index.jsp"/>
</shiro:authenticated>


in your login page first few lines of html






share|improve this answer




















  • Hi, your method is working but i found another way to solve it but using servlet to check current user session. For future reference, if using your method then we need to add these 2 libraries <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> . Btw, thank you for providing another method.
    – Drew
    Nov 29 at 17:03














up vote
0
down vote



accepted










Just put 



<shiro:authenticated>
<c:redirect url="index.jsp"/>
</shiro:authenticated>


in your login page first few lines of html






share|improve this answer




















  • Hi, your method is working but i found another way to solve it but using servlet to check current user session. For future reference, if using your method then we need to add these 2 libraries <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> . Btw, thank you for providing another method.
    – Drew
    Nov 29 at 17:03












up vote
0
down vote



accepted







up vote
0
down vote



accepted






Just put 



<shiro:authenticated>
<c:redirect url="index.jsp"/>
</shiro:authenticated>


in your login page first few lines of html






share|improve this answer












Just put 



<shiro:authenticated>
<c:redirect url="index.jsp"/>
</shiro:authenticated>


in your login page first few lines of html







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 29 at 12:42









Dev

3,61321626




3,61321626











  • Hi, your method is working but i found another way to solve it but using servlet to check current user session. For future reference, if using your method then we need to add these 2 libraries <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> . Btw, thank you for providing another method.
    – Drew
    Nov 29 at 17:03
















  • Hi, your method is working but i found another way to solve it but using servlet to check current user session. For future reference, if using your method then we need to add these 2 libraries <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> . Btw, thank you for providing another method.
    – Drew
    Nov 29 at 17:03















Hi, your method is working but i found another way to solve it but using servlet to check current user session. For future reference, if using your method then we need to add these 2 libraries <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> . Btw, thank you for providing another method.
– Drew
Nov 29 at 17:03




Hi, your method is working but i found another way to solve it but using servlet to check current user session. For future reference, if using your method then we need to add these 2 libraries <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> . Btw, thank you for providing another method.
– Drew
Nov 29 at 17:03

















draft saved

draft discarded
















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53220685%2fhow-to-redirect-to-main-page-when-user-re-login-using-apache-shiro-and-jsp%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-