The
forward method of the RequestDispatcher interface may only be called by the callingservlet if no output has been committed to the client. If output exists in the response buffer that has
not been committed, it must be reset (clearing the buffer) before the target servlet�s
servicemethod is called. If the response has been committed, an
IllegalStateException must bethrown.
The path elements of the request object exposed to the target servlet must reflect the path used to
obtain the
RequestDispatcher. The only exception to this is if the RequestDispatcherwas obtained via the
getNamedDispatcher method. In this case, the path elements of therequest object reflect those of the original request.
Before the
forward method of the RequestDispatcher interface returns, the response mustbe committed and closed by the servlet container.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Grant Doran
Sent: Thursday, November 09, 2000 6:52 PM
To: Orion-Interest
Subject: Servlet regains control after execution of .Forward()
Hi,
(Orion 1.3.8, Windows NT 4, JDK1.3)
This should not be possible, but it is happening. After executing the forward() method, control IS returning to the forwarding servlet. I have checked the archives and found that this has been an issue in previous versions of orion.Here is the offending fragment:
---------------------------------------------------
if (condition XXX)
{
request.getSession().setAttribute("username",username);
request.getSession().setAttribute("password",password);
System.out.println("[GATEWAYSERVLET]User has now logged in and is being redirected to reception");
request.getSession().setAttribute("LoginFailure","false");
getServletContext().getRequestDispatcher("/index.jsp").forward(request, response);
}
else
{
System.out.println("[GATEWAYSERVLET]Authentication failure. Username:[" + username + "] Password:[" + password + "]");request.getSession().setAttribute("LoginFailure","true");
getServletContext().getRequestDispatcher("/login.jsp").forward(request, response);
}
System.out.println("BUGGER ME! I AM HERE AFTER ALL");
----------------------------------------------------------------Here is the output
----------------------------------------------------------------
[GATEWAYSERVLET]User has now logged in and is being redirected to reception
[INDEX.JSP]Session is established. UserId = gdoran. Printing frames with menus etc.
BUGGER ME! I AM HERE AFTER ALL
----------------------------------------------------------------How can this be? Execution of the servlet(thread) is supposed to cease immediately and control handed to the target.
Am I missing something?
While I'm at it, does anyone know where I can obtain a good pattern example of JSP/Servlet based authentication, with a login page for any unauthenticated requests. I am pushing all requests through a single controller servlet and checking their session object for the required attributes, but I seem to be having problems with retrieving the session. Sometimes the attributes are there, sometimes they aren't.
Any guidance would be greatly appreciated.
Grant Doran
Principle Architect
iLaunch inc.
(02) 89257055
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
