Dennis Sosnoski <[EMAIL PROTECTED]> wrote:
>
>James Davidson wrote:
>>
>> > You need to look at servlet chaining I think.
>> > Either that or meld the 3 servlets into one.
>>
>> Servlet chaining is non-portable between servers -- it's not even part of
the
>> servlet specification. Use request dispatchers instead, or better yet,
refactor
>> your application.
>>
>> Remember that servlets should be an "entry point" into your
application -- just
>> like `public static void main(String[] args)`. You wouldn't call
component
>> through their public static void main methods in most cases, why should
your
>> servlets be any different? Food for thought.
>
>This topic comes up fairly often, and for a good reason - there's often no
other
>way of handling things cleanly.
>
>One example is trying to use a servlet approach for authorization, where
you
>really want to have all requests run through a single servlet which in turn
>either passes them on for default processing or sends back an error page if
the
>user does not have access. If everything you're doing is in Java code you
>control (i.e., have the source for and can modify as necessary) then the
request
>dispatcher approach would work, with some possibly substantial extra
effort.
>Otherwise, you're left with having to write custom code for your particular
web
>server (which probably will need to be in C/C++, something I really try to
>avoid). I've been through this myself in one enterprise application.
Here's how you could do this without chaining:
Create a servlet called AuthServlet that does your authentication for HTML
pages. Alias it to "*.html" or "/" or whatever you want so all requests go
through it. Its service method would look something like this:
public void service( ServletRequest req, ServletResponse res )
{
MyAuthenticationClass.doAuthentication( req, res );
}
Now, at the beginning of the service (or doPost or doGet or whatever) method
of all of your other servlets, add this line:
MyAuthenticationClass.doAuthentication( req, res );
Authentication will now happen whether an HTML file or a servlet is being
called. It's a tiny bit of extra work (adding that one line of code to every
servlet), but it will work on all servers.
Erik
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
