Hi, QM:

Thank you very much for your useful suggestion.

I am building a small system according to what you have said. The web
application uses the MVC model. JSP is responsible for the View. A servlet
called dispatcher is the Control, responsible for dispatching the read,
insert, update requests from JSPs. JavaBean is the Model, responsible for
completing the operations to the database. The methods read, insert and
update are written in this bean.

To perform access control before each of the read, insert and update methods
is called, I need a filter now. Can I map the filter to the dispatcher servlet
and how? Or map it to the JSPs? I prefer to map the filter to the dispatcher
servlet, because there is only one servlet there. If I map it to JSPs, there
will be many scattered JSPs to map.

Thanks again.

Lily



From: QM <[EMAIL PROTECTED]>
Reply-To: "A mailing list for discussion about Sun Microsystem's Java
        Servlet API Technology." <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Can servlet filter be applied to a method of a Java Bean
Date: Mon, 22 Sep 2003 10:33:32 -0500

: The problems are:
: 1. Can a filter be applied to a method of a Java Bean?

Not directly, no.

Servlet filters may only be applied to web requests, either URL patterns
like "/protected/*" or file-extension patterns such as "/*.do".

Try not to think of protecting methods, but protecting procedures or
actions: You have some business task, "read," that you want to be available
via the web.  To make this accessible from the web tier, you would

- create some object/method that encapsulates the business request;
  we'll call that SomeBean.read()

- create a servlet that calls SomeBean.read(); said servlet would be
  responsible for gathering params from the web request and passing
  them to SomeBean.read()

- create a filter to perform your auth/access control

- map said servlet to a URI that is protected by said filter


This addresses your original goals:


- access by the end-users (via their web browsers) is managed
  by your filter; only the proper people may perform the "read"
  business task.

- other methods in your business logic may call one another without
  restriction.


One additional benefit of taking the "API called by a servlet" route is that your core business logic is separated from the web-access and web-presentation thereof.

-QM

--

C++ / Java / SSL
http://www.brandxdev.net/

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

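The arrangement discussed in this thread, with one access-control filter mapped by name to the single dispatcher servlet, written out as an added example that is not code from either poster. The filter and servlet names, the `action` request parameter, the `role` session attribute and the role table are all assumptions.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Access-control filter for the dispatcher servlet. web.xml mapping (names are assumptions):
 *   <filter><filter-name>accessFilter</filter-name>
 *           <filter-class>AccessControlFilter</filter-class></filter>
 *   <filter-mapping><filter-name>accessFilter</filter-name>
 *           <servlet-name>dispatcher</servlet-name></filter-mapping>
 */
public class AccessControlFilter implements Filter {
    // Hypothetical policy: which roles may perform which dispatcher action.
    private final Map<String, Set<String>> allowed = new HashMap<>();

    public void init(FilterConfig config) {
        allowed.put("read",   new HashSet<>(Arrays.asList("viewer", "editor")));
        allowed.put("insert", new HashSet<>(Arrays.asList("editor")));
        allowed.put("update", new HashSet<>(Arrays.asList("editor")));
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session for an unauthenticated caller.
        HttpSession session = request.getSession(false);
        Object role = (session == null) ? null : session.getAttribute("role");

        // Default deny: no role, or an unknown or missing action, is refused.
        Set<String> roles = allowed.get(request.getParameter("action"));
        if (role == null || roles == null || !roles.contains(role)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // the dispatcher, and so the bean method, is never reached
        }
        chain.doFilter(req, res); // authorized: the dispatcher calls the bean method
    }

    public void destroy() { }
}
```

A mapping by servlet name covers only requests that reach the dispatcher; JSPs that a browser can request directly are not covered by it, so keeping them under WEB-INF leaves the dispatcher as the only entry point.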