• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

custom tag help

 
Ranch Hand
Posts: 237
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi there,

I was wondering if someone might help me construct a custom tag handler class that either allows or denies access to a given JSP page? I'll start by showing the code I want to replace in all my JSP pages:



What this code is doing is extracting from the session object the companyID and administratorID. Both of these were placed into the session object when the user logged into the system. As we know, when a session times out, these IDs no longer exist, thus I test for null. If either value is null, then I create HTML markup that instructs the user to login again.

So, what would be better is a custom tag that I can call just once, like so:

<%@ taglib uri="stlib-taglib.tld" prifix="stlib" %>
<stlib:allow_admin_access />

The behaviour I want is to prevent the rest of the JSP from loading if the custom tag is unable to obtain the companyID and administratorID from the session object.

I've not create custom tags before and would like some guidance on the tag handler class. Perhaps declare it:



Please advise,

Alan
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Rather than dropping a bunch of goo in each page (or even a small amount of goo), this sort of thing is much better handled by a servlet filter. You can make the check and if it passes, let the request processd as normal, if not, forward or redirect to the "access denied" page.
 
Alan Shiers
Ranch Hand
Posts: 237
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I've not ever heard of a servlet filter. Could you explain how that works? How is that set up?

With my particular application I have a Main Menu page that has a menu bar at the top. Each menu item points to another jsp page.

Alan
 
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello

Filters are similar to servlets except the filters do some pre-processing on request and response objects. You can find more about filters here
http://java.sun.com/products/servlet/Filters.html

I hope this will help you.

Rishi
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I wouldn't necessarily say that they are "similar" to servlets as that implies that they are used in place of servlets. Rather, they are used to filter a request going into a servlet (or JSP) -- not replacing a servlet.

I've not ever heard of a servlet filter.



See http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/Filter.html

Could you explain how that works? How is that set up?



You write your filter implementing the javax.servlet.Filter interface. The in the deployment descriptor (web.xml), you declare it and set up a mapping to tell it what URLs to respond to.

An example from one of my apps:



In this example, I declare a filter for authentication. Note that you can specify init params to filters just as youcan for servlets.

Then I map the filter to all requests for servlet CommandBroker (which is my front controller).
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
P.S. You should get yourself a copy of the Servlet Specification and read it cover to cover. It's an easy read and will clue you in on the mechanisms (like Filters) that are available to you as a web app author.
 
Alan Shiers
Ranch Hand
Posts: 237
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok, I obtained a tutorial I found on the net and am trying to make it work on my application. So far, this is what I have:



The directory structure for my application goes like this:

webapps/scholastic/Login.jsp
webapps/scholastic/*.jsp
webapps/scholastic/admin/*.jsp
webapps/scholastic/WEB-INF/classes/servlets.class

Now, when I launch the browser and try to go to http://localhost:8080/scholastic/Login.jsp AccessFilter kicks in and since there is no User object in the session object yet, authorized will remain false. The logic continues to the line:

filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response);

But in the end I wind up with a Page Not Found 404 error.
I tried changing the <param-value>/scholastic/Login.jsp</param-value> to just <param-value>/Login.jsp</param-value> but this resulted in an endless loop condition with the Tomcat container. "/scholastic/Login.jsp" is the correct relative URL. So I'm stuck at this point.

Please advise,

Alan

[ July 25, 2006: Message edited by: Alan Shiers ]

[ July 25, 2006: Message edited by: Alan Shiers ]
[ July 25, 2006: Message edited by: Bear Bibeault ]
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't have time to look at yur code in detail, but be sure that you exempt the login page (any associated pages that do not require authentication) from the authentication check or you'll end up in an infinite loop trying to get to the login page, but being unable to without authentication.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic