wood burning stoves 2.0*
The moose likes JSP and the fly likes custom tag help Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "custom tag help" Watch "custom tag help" New topic
Author

custom tag help

Alan Shiers
Ranch Hand

Joined: Sep 24, 2003
Posts: 237
Hi there,

I was wondering if someone might help me construct a custom tag handler class that either allows or denies access to a given JSP page? I'll start by showing the code I want to replace in all my JSP pages:



What this code is doing is extracting from the session object the companyID and administratorID. Both of these were placed into the session object when the user logged into the system. As we know, when a session times out, these IDs no longer exist, thus I test for null. If either value is null, then I create HTML markup that instructs the user to login again.

So, what would be better is a custom tag that I can call just once, like so:

<%@ taglib uri="stlib-taglib.tld" prifix="stlib" %>
<stlib:allow_admin_access />

The behaviour I want is to prevent the rest of the JSP from loading if the custom tag is unable to obtain the companyID and administratorID from the session object.

I've not create custom tags before and would like some guidance on the tag handler class. Perhaps declare it:



Please advise,

Alan
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60822
    
  65

Rather than dropping a bunch of goo in each page (or even a small amount of goo), this sort of thing is much better handled by a servlet filter. You can make the check and if it passes, let the request processd as normal, if not, forward or redirect to the "access denied" page.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Alan Shiers
Ranch Hand

Joined: Sep 24, 2003
Posts: 237
I've not ever heard of a servlet filter. Could you explain how that works? How is that set up?

With my particular application I have a Main Menu page that has a menu bar at the top. Each menu item points to another jsp page.

Alan
Rishi Kanth
Ranch Hand

Joined: May 23, 2006
Posts: 43
Hello

Filters are similar to servlets except the filters do some pre-processing on request and response objects. You can find more about filters here
http://java.sun.com/products/servlet/Filters.html

I hope this will help you.

Rishi
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60822
    
  65

I wouldn't necessarily say that they are "similar" to servlets as that implies that they are used in place of servlets. Rather, they are used to filter a request going into a servlet (or JSP) -- not replacing a servlet.

I've not ever heard of a servlet filter.


See http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/Filter.html

Could you explain how that works? How is that set up?


You write your filter implementing the javax.servlet.Filter interface. The in the deployment descriptor (web.xml), you declare it and set up a mapping to tell it what URLs to respond to.

An example from one of my apps:



In this example, I declare a filter for authentication. Note that you can specify init params to filters just as youcan for servlets.

Then I map the filter to all requests for servlet CommandBroker (which is my front controller).
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60822
    
  65

P.S. You should get yourself a copy of the Servlet Specification and read it cover to cover. It's an easy read and will clue you in on the mechanisms (like Filters) that are available to you as a web app author.
Alan Shiers
Ranch Hand

Joined: Sep 24, 2003
Posts: 237
Ok, I obtained a tutorial I found on the net and am trying to make it work on my application. So far, this is what I have:



The directory structure for my application goes like this:

webapps/scholastic/Login.jsp
webapps/scholastic/*.jsp
webapps/scholastic/admin/*.jsp
webapps/scholastic/WEB-INF/classes/servlets.class

Now, when I launch the browser and try to go to http://localhost:8080/scholastic/Login.jsp AccessFilter kicks in and since there is no User object in the session object yet, authorized will remain false. The logic continues to the line:

filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response);

But in the end I wind up with a Page Not Found 404 error.
I tried changing the <param-value>/scholastic/Login.jsp</param-value> to just <param-value>/Login.jsp</param-value> but this resulted in an endless loop condition with the Tomcat container. "/scholastic/Login.jsp" is the correct relative URL. So I'm stuck at this point.

Please advise,

Alan

[ July 25, 2006: Message edited by: Alan Shiers ]

[ July 25, 2006: Message edited by: Alan Shiers ]
[ July 25, 2006: Message edited by: Bear Bibeault ]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60822
    
  65

I don't have time to look at yur code in detail, but be sure that you exempt the login page (any associated pages that do not require authentication) from the authentication check or you'll end up in an infinite loop trying to get to the login page, but being unable to without authentication.
 
 
subject: custom tag help
 
Similar Threads
problem without logout, how to solve it
To use or not to use SingleThreadModel?
Memory leak - Buffer size problem?
type not visible
Instance variables