Redirect to a servlet after login?

Question

I'm using form based authentication to protect my pages, or at least I will be soon.

I have only recently learnt of the specifics of this and before had my own homegrown system (it's an internal system that only 5 people are logging into, but still I'd like to do it the 'Java Standard' way if possible).

I would like to store several objects in the session whenever someone logs into my application, as I do currently in my homegrown implementation. However, with this container managed security I am struggling to grasp how to do that, or at least the way that is considered best practice.

After I attempt to navigate to a page and am redirected to the login page, login correctly, I am then, logically taken to my initial destination, which is correct. What is the best way for me to then add say, a UserBean to the session? Should I do it in a filter? or can I redirect to a servlet after each login attempt?

Any guidance is very much appreciated. Thanks.

Answer 1

A servlet filter is almost certainly the right solution for this situation. To ensure the content of the filter only runs once per login, I'd suggest setting it up something like this:

if(session.getAttribute(firstLoginFlag) == null){
    //load UserBean
    //do whatever else
    session.setAttribute(firstLoginFlag, true);
}
chain.doFilter(request, response);

This is generally better than redirecting to a servlet because it makes the filter independent of any other pages or logic in your application, you don't have to put any logic in it to push the user somewhere else once your loading of the UserBean and any other stuff is complete.