This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
I have come across some security access filters which are using request.getRequestDispatcher(...).forward() and .include() from within the filter. If the user is not authorised, they get forwarded to an error page from within the filter.
Does this seem an acceptable technique to use or should we consider other options such as writing the html page from the filter?
The .include() is being used in one place to call in a servlet that does a bunch of checks and being used for other things too.
The secret to creativity is knowing how to hide your sources.