import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ProtectedResource extends HttpServlet {

  public void doGet(HttpServletRequest req, HttpServletResponse res)
                               throws ServletException, IOException {
    res.setContentType("text/plain");
    PrintWriter out = res.getWriter();

    // Get the session
    HttpSession session = req.getSession(true);

    // Does the session indicate this user already logged in?
    Object done = session.getValue("logon.isDone");  // marker object
    if (done == null) {
      // No logon.isDone means he hasn't logged in.
      // Save the request URL as the true target and redirect to the login page.
      session.putValue("login.target",
                       HttpUtils.getRequestURL(req).toString());
      String scheme = req.getScheme();
      String serverName = req.getServerName();
      int p = req.getServerPort();
      String port = (p == 80) ? "" : ":" + p;
      res.sendRedirect("../login.html");  // now accepts relative paths
      return;
    }

    // If we get here, the user has logged in and can see the goods
    out.println("Unpublished O'Reilly book manuscripts await you!");
  }
}