Bruce,
I think a good approach to this problem is for every servlet you write to
extend from a new super class servlet (which you write) which extends from
HttpServlet. Then, override the 'service(HttpServletRequest request,
HttpServletResponse)' method that HttpServlet gives you and insert your
authentication/is session present code there. You would then have service
invoke it's super method for service and everything would work (ie: service
in HttpServlet makes the calls to doGet() and doPost()).
For the authentication portion of your problem, you could probably put an
object into the session which contains a flag indicating that the user was
already validated. For instance, in your main jsp page (for example), after
you validate the user, insert an object with the user's id into the session.
Then, when your service method is invoked (in the super class), it'll simply
look for the object and know that if it's out there, the user was already
validated and continue. Otherwise, it would send the user to an error page
or back to the login page.
This approach would allow you to not have to explicitly do authentication
checking as everything's been taken care of for you.
Erik Sahl
[EMAIL PROTECTED]
> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's Java Servlet
> API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Bruce
> Bantos
> Sent: Friday, May 21, 1999 1:53 PM
> To: [EMAIL PROTECTED]
> Subject: Subclassing an Authentication Servlet
>
>
> I am trying to subclass a base servlet that handles
> authentication, to make
> sure that any servlet that subclasses the base servlet is forced to log in
> if a session object is not found. Can anyone give me an example,
> even a very
> general one? I have tried to do this previously, but the way I
> did it was to
> pass the HttpServlet Request, Response, and my session object to an
> authentication method in my base class. This meant that I had to call the
> authentication method in my doGet, doPost for every servlet. I
> want do find
> a way to do this automatically, so there is no chance of forgetting to put
> that call to the base class in. Thanks!
>
> -Bruce
>
> __________________________________________________________________
> _________
> To unsubscribe, send email to [EMAIL PROTECTED] and include
> in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
