Marc Krisjanous wrote:
> Hi all,
> I have seen some discussions on the Servlet Controller concept here and I
> would like to know how you can stop other Servlets or users for that matter,
> calling other Servlets that are only allowed to be called by the Servlet
> Controller.
>
There are two general approaches:
* Do not use "other" servlets at all -- instead, force all requests to go
through the controller servlet. If you are using a typical MVC design
pattern like that used in the Struts framework <http://jakarta.apache.org/struts>
there will be only one servlet in a web application. All the action classes
will be actions, not servlets, and therefore not directly accessible.
* Use login authentication and security checks, either using container
managed security provided by your container (and defined in the web.xml
file), or application-provided approaches such as redirecting to a login
page if a specific session object is not present.
> Best Regards
>
> Marc
>
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
