Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/17Franco/CulturarteWeb/llms.txt

Use this file to discover all available pages before exploring further.

The Login servlet is the authentication gateway for CulturarteWeb. On a successful login it creates an HTTP session, stores the user’s nickname and role, and redirects them to the main BuscadorPropuestas page. Credentials are validated by calling the remote ControllerWS SOAP service, keeping all business logic outside the web tier.

GET /Login

Redirects the browser directly to the login/registration page. No parameters are required.
BehaviourDetail
Redirect target/InicioSesion_Registro.jsp
HTTP status302 Found
Use this endpoint when you need to send a user to the login screen programmatically (e.g. from a navigation link or a filter).

POST /Login

Processes the credentials submitted by the login form.

Request parameters

Nickname
string
required
The user’s unique nickname. Must match a registered account in the ControllerWS backend.
password
string
required
The user’s plain-text password. It is transmitted to the SOAP service for validation and is never stored by the servlet itself.

SOAP calls

The servlet resolves the SOAP endpoint URL at runtime from config.properties and makes two sequential calls:
  1. portU.login(nick, pass) — returns boolean. true means the credentials are valid.
  2. portU.isProponente(nick) — returns boolean. Determines whether the authenticated user holds the Proponente or Colaborador role.

Session attributes set on success

When portU.login() returns true (and the mobile restriction below is not triggered), the following attributes are written to the HttpSession:
AttributeTypeValue
logueadoStringThe authenticated user’s nickname
tipoUserString"Proponente" or "Colaborador"

Success response

302 Found → redirects to {contextPath}/ (mapped to the BuscadorPropuestas welcome servlet via web.xml).

Failure response

When portU.login() returns false, or any exception is thrown during the SOAP call, the servlet sets a request attribute and forwards back to the login page:
AttributeValue
errorMessage"Nick o Contrasena Incorrectos." (bad credentials) or "No se pudo Iniciar Sesion." (SOAP error)
The forward target is /InicioSesion_Registro.jsp, which renders the message inside a Bootstrap alert-danger block.

Mobile device restriction

The servlet inspects the User-Agent request header. A device is considered mobile when the header contains any of the following strings:
TokenDevices matched
MobiGeneric mobile browsers
AndroidAndroid phones and tablets
iPhoneApple iPhone
iPadApple iPad
TouchTouch-screen browsers
Rule: If the authenticated user is a Proponente and the device is mobile, access is denied. The session is not created and the following error is forwarded to the JSP:
“Acceso denegado: Los Proponentes no pueden iniciar sesión desde dispositivos móviles.”
Colaborador accounts are not subject to this restriction and may log in from any device.

curl example

The form submits via application/x-www-form-urlencoded. The following command simulates that POST. Replace JSESSIONID in subsequent requests with the cookie returned by the server.
# Perform login and capture the session cookie
curl -i -c cookies.txt \
  -X POST \
  -d "Nickname=johndoe&password=s3cr3t" \
  http://localhost:8080/CulturarteWeb/Login
CulturarteWeb uses the standard Jakarta EE HttpSession (cookie-based). The server returns a Set-Cookie: JSESSIONID=... header on successful login. Every subsequent request to a protected endpoint must include this cookie. The -c cookies.txt / -b cookies.txt flags in curl handle this automatically. Sessions expire after 30 minutes of inactivity (configured in web.xml).

Session timeout

The session lifetime is declared in WEB-INF/web.xml:
<session-config>
    <session-timeout>30</session-timeout>
</session-config>
After 30 minutes of inactivity the container invalidates the session. The user will be redirected to the login page on their next request to any protected resource.

Build docs developers (and LLMs) love