My design (although working) may need improvement. (I have an excuse: it's my first, and I'm only 6 months into
J2EE design/implementation. But yes, there is no excuse for stuff blowing up in production.)
But the application was installed already last week, and I am researching if that sole logic on 'control' is bullet-proof.
That is:
1. The (J2EE) system will allow entry only on those 3 servlet mappings (the classes are inside WEB-INF, therefore are not accessible directly?; whether the server was set to allow direct or indirect component access).
2. That that method getServletPath will return those 3 exact Strings.
(The system is on https and has authentication.)