• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to refactor session attribute and request parameter processing ?

 
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am currently in the last stage of my java programmer certification and working on a final assignment, designing and developing a web based application using (among others) J2EE and JSTL. So i have some knowledge but have still quite some to learn...

In my application i have 2 servlets, both extending the HttpServlet and having a doGet and a doPost method. All 4 methods do have more or less the same statements to process request parameters and session attributes, for example to detect if the user is authenticated or has admin privileges, like in the snippet below.

Is there a good way to prevent multiplication of this code. I do not see any advantages to bring this code into an external class, because processing al return information also will bring you to the same number of statements. Only advantage here is that the logic is in one place. Using attributes is also no option because attributes are shared among all sessions since each session is an instance (thread) of the HttpServlet class. Are there any good practices regarding my issue (google around on request parameters , session attributes and refactoring but did not find any good topic..)



Cheers Peter
 
Ranch Hand
Posts: 247
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Are you using Database Tables to store the User details?... If so, you can pass the user details and query the tables...
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Peter van Nes wrote:for example to detect if the user is authenticated or has admin privileges..


For this particular case, this is something that would be much better handled by a filter rather than within the servlets themselves.

That would not only be a better application of the principle of Separation of Concerns, but would solve your repeat-code problem.

 
Peter van Nes
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
@ Ram Narayan.M; Yes username and SHA digest of password are stored in the Db. I already use a servlet to handle the authentication using the DB so do not quite understand how this answers my question.

@Bear Bibeault; Interesting feature i not have knowledge of. But short examination of web.xml documentation shows that you can filter the access to an servlet (or path) using a defined class. For my example code which i indeed use, i will see if i am able to implement this before the deadline of the assignment. (Thanks ! would never have implemented security at this level without the hint.) Still... i have other session attributes not related to authentication/authorization. So my question stands, are there any good practices regarding preventing code duplication processing session attributes and/or request parameters?

cheers,

Peter
reply
    Bookmark Topic Watch Topic
  • New Topic