I'm having a hard time understanding the three tiered client/server design when using user authorization. Could anyone offer any insight to my confusion? Thanks.
posted 15 years ago
Here's a quick thought that may help. An actual three tiered design is more a model/view/controller design where the model represents your data, the view is a presentation servlet, and the controllers are middle layer 'business logic' classes that make a connection between the presentation and the data. This disconnects the presentation from the data.

When dealing with authentication in a web site, for instance, you might be thinking of how to handle logged in and logged out clients (which all happens at the servlet level). Here's a nice method.

1) Create a superclass servlet that extends the HttpServlet.
2) Within this servlet, do an authentication check.
3) Have all your other servlets extend your custom superclass and call super.doPost( ... ) (or similar).
4) If the authentication fails, then redirect the user in the superclass servlet; otherwise, things will proceed as normal in the called servlet.

I hope this is along the line of what you were asking; if not, maybe someone can jump in.

Sean
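A sketch of the superclass approach from the answer above, added here as an example and not code from the original post. It is a variant: the check sits in `service()` instead of each subclass calling `super.doPost( ... )`, so a handler cannot keep running after the redirect has been sent. The class names, the `"user"` session attribute and the `/login` path are assumptions.

```java
// Added example. AuthenticatedServlet, AccountServlet, the "user" session
// attribute and the /login path are assumed names, not from the post.
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public abstract class AuthenticatedServlet extends HttpServlet {

    // final: subclasses cannot replace this HTTP dispatch method to drop the check.
    @Override
    protected final void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false) never creates a session for an anonymous client.
        HttpSession session = req.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");

        if (user == null) {
            // Authentication failed: redirect, then return so no handler code runs.
            resp.sendRedirect(req.getContextPath() + "/login");
            return;
        }
        // Keep protected pages out of caches so they are not replayed after logout.
        resp.setHeader("Cache-Control", "no-store");
        // Authenticated: let HttpServlet dispatch to doGet/doPost as usual.
        super.service(req, resp);
    }
}

// A protected page implements only its own logic; the check has already run.
class AccountServlet extends AuthenticatedServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = String.valueOf(req.getSession(false).getAttribute("user"));
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Account page for " + user);
    }
}
```

The login servlet itself must extend `HttpServlet` directly, otherwise unauthenticated users are redirected to a page they can never reach.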