"Ritzen, Robert" wrote:
> Hi!
> I'm wondering about how javabeans(if they do!) fits in to the Servlet
> Dispatcher design pattern?
> Am I right that all request are supposed to go through the servlet which is
> responsible for
> authentication and delegation to helper classes and then forwards the
> display action to jsp pages via
> ReguestDispatcher?
> Where do the javabeans fit into this scheme? If I instansiate javabeans in
> my jsp pages then i will evade
> my servlet pattern with all authentication stuff, don't I?
>
One approach to this is illustrated in the Struts Framework
<http://jakarta.apache.org/struts>. The typical processing for a request goes
like this:
* The request is submitted to a controller servlet, with a request URI
that describes what action class you want to call.
* The action class performs the business logic (simple cases) or uses
JavaBeans or EJBs that encapsulate the business logic (more complex cases).
* The business logic represents the results of its efforts as JavaBeans, which
are stored as request attributes (if they are only needed for this response)
or
session attributes (if they need to stick around longer).
* The controller servlet then forwards control to a JSP page that will create
the visual response. (In Struts, you register logical names of pages, so
the business logic writer can say "go to the list customers page" without
knowing what URL the page designer is going to use for that page).
* The forwarded-to JSP page uses the request and session attributes stored
by the business logic to create the actual response that the user sees.
So, JavaBeans play the role of encapsulating business logic, and the role of
containing per-request or per-session state information needed to create the
response page.
In order to ensure that the user is always properly logged on, you have several
choices:
* Use container-managed security (i.e. <security-constraint> declarations
in your web.xml file) and let the servlet container worry about it. This is
by
far the simplest to program, but you need to learn how to register users and
passwords in the "user database" supported by your servlet container.
* Include a scriptlet or custom tag at the top of every JSP page that checks
for the existence of a particular session attribute, and forwards to the
login page if it is not present. The login processing, when the user is
correctly
recognized, creates this session attribute so that the user appears to be
logged on throughout the remainder of the current session.
(The Struts example app does this).
* In a Servlet 2.3 environment, you can create a Filter that sees all requests
coming in, and redirects to the login page if the user is not currently
logged on.
>
> Robert
>
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
