This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I have come across some security access filters which are using request.getRequestDispatcher(...).forward() and .include() from within the filter. If the user is not authorised, they get forwarded to an error page from within the filter.
Does this seem an acceptable technique to use or should we consider other options such as writing the html page from the filter?
The .include() is being used in one place to call in a servlet that does a bunch of checks and being used for other things too.
The secret to creativity is knowing how to hide your sources.