This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
Servlet is acting as a request controller for mutiple JSP pages.
Here are the steps that I am doing.
1. Pass parameters from A.JSP(form parameters) 2. In B Servlet , call request.getParameter to get the parameters 3. Servlet delegates the authentication process to Session bean by passing those parameters. 4. Once "true" is returned from Session beans, Servlet then needs to go to either C.jsp or D.jsp depending on whether parameters were passed from A.jsp or something else.
Please let me know if I can improve this.
However, I am not able to understand one thing. HTTPServletRequest object should return all client information, so why does request.getURI() and other methods that I used before returns me Servlet Path?
If I dont use this approach, then I will have to use 2 different servlets for doing same authentication. In future, if there are N jsp pages, then I will have to write N servlets.
Let me know if I am wrong somewhere.
I thought of another approach where in I pass different parameters from JSP like 1. A.jsp (Email, Password) 2. B.jsp (Email1, password1) then verify on Servlet side which parameters are NULL, if Email and Password are NULL then check Email1 and Password1 and if they are NOT NULL then it basically means, the request came from B.jsp, so on successful authentication go to D.jsp.
Let me know if this is a good approach..however, if there are N JSP pages and each of them send 2 parameters, I believe I will run into the same problem.
So, basically what I thought was to use same parameters on all pages, and depending on where they came from...redirect them to other pages.
Why are you handling authentication in a servlet rather than a filter? There are also other ways to factor out common processing (inheritance, delegation, etc). Triggering behavior based upon the referer is very fragile and a poor practice.
If worse came to worse, include a request parameter to explicitly direct the desired behavior. Relying upon implicit information like the referer is a bug waiting to happen (if you can even getting working reliably).