GWT-登录表单-如果用户名/密码不正确，浏览器总是要求记住密码事件

Question

I have a simple GWT login form and a java servlet used for a simple user login. I am using form submit completion event to handle the response, without redirecting to the action target URL, and I want to handle the answer (password incorrect or all OK or any other custom behavior) on the client side and then take appropriate action. If login is OK, then the browser should ask to remember username and password.

The issue is that for every response, regardless if the username + password combination is correct, the browser always asks to remember them. Any advice? I don't want to load another page because I want to keep the same GWT state. I also tried sending response codes 400 or 401 but it doesn't work (tested in Chrome).

See code below:

GWT onModuleLoad():

        final FormPanel formPanel = new FormPanel();
        formPanel.setEncoding(FormPanel.ENCODING_URLENCODED);
        formPanel.setMethod(FormPanel.METHOD_POST);

        VerticalPanel verticalPanel = new VerticalPanel();
        verticalPanel.add(new Label("Username"));
        TextBox userid = new TextBox();
        userid.setName("username");
        verticalPanel.add(userid);

        verticalPanel.add(new Label("Password"));
        PasswordTextBox passwd = new PasswordTextBox();
        passwd.setName("password");
        verticalPanel.add(passwd);

        verticalPanel.add(new Button("Submit", new ClickHandler() {

            @Override
                public void onClick(ClickEvent event) {
            formPanel.submit();
            }
        }));

        formPanel.add(verticalPanel);

        formPanel.setAction("/login"); 

        formPanel.addSubmitHandler(new FormPanel.SubmitHandler() {
            public void onSubmit(SubmitEvent event) {
            }
        });
        formPanel.addSubmitCompleteHandler(new FormPanel.SubmitCompleteHandler() {
            public void onSubmitComplete(SubmitCompleteEvent event) {
                GWT.log(event.getResults());
            }
        });

        RootPanel.get().add(formPanel);

Java Servlet test:

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        resp.setContentType("text/plain");

        System.out.println("Login request for " + username + " / " + password);
        if (username.equals("test1234")) {
            // send test response to output
            printMessageToOutputStream(resp, "OK", true, true);
        }
        else {
            resp.setStatus(HttpServletResponse.SC_FORBIDDEN); // not working for 400,401,403
            printMessageToOutputStream(resp, "NOK", false , true);
        }
    }

EDIT: I tried also status 403 (Forbidden) and it is not working (I updated the code snippet)

Answer 1

Seems like you always return a 200 http code, causing the browser to think that everything is OK even when the password is wrong.

I fixed your snippet:

   @Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    String username = req.getParameter("username");
    String password = req.getParameter("password");
    resp.setContentType("text/plain");

    System.out.println("Login request for " + username + " / " + password);
    if (username.equals("test1234")) {
        // send test response to output
        printMessageToOutputStream(resp, "OK", true, true);
    }
    else {
        // Hey browser, authentication failed
        resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
        printMessageToOutputStream(resp, "NOK", false , true);
    }
}