File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes user session questions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "user session questions" Watch "user session questions" New topic
Author

user session questions

John Schretz
Ranch Hand

Joined: Sep 10, 2008
Posts: 188
I am creating the sdmin portion of my site. When the user logs in i set the user object to the session. In my servlet that i use for my admin part of the site i always first check to see if the user is null.

If the user is null i redirect back to the login page.

1. Do i need to set the user in the session only once or do i have to do

session.getAttribute("user")

Check for null

then session.setAttrubite("user") in every single servlet that is in the admin portion of my app?

2. Should i also be checking to see if the user is null on all the jsp pages or just in the servlets?

3. does every page have to be no-cached?

i am getting weir instances where i am navigating through and i get thrown back to the login page without logging out.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61103
    
  66

1. Only once.

2. Neither. This is best performed in a filter.

3. Only pages you don't want cached (e.g anything with active data).


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
John Schretz
Ranch Hand

Joined: Sep 10, 2008
Posts: 188
thanks

i saw some info about the filters, but not any good examples. Do you have any links or short examples you could point me to on the best way to achieve that?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61103
    
  66

Google "servlet filter" lotsa good info out there!
John Schretz
Ranch Hand

Joined: Sep 10, 2008
Posts: 188
ok read some usefull stuff,
a few more questions

1. Do you have to use form base authentication like j_security_check or can i use my database?

2. SHould all the jsp pages be in a seprate folder when using the filter
e.g admin folder?

thanks again
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61103
    
  66

1. No. I never do. I roll my own authentication for maximum flexibility.

2. I never directly address a JSP. I always use a servlet page controller (Model 2). So filters only get applied to servlet URL mappings, never JSPs.
John Schretz
Ranch Hand

Joined: Sep 10, 2008
Posts: 188
ok the sample code i was looking at used a folder called secure and all the jsp file were in that folder, that you needed a login to get to. if i do it using servlets do i need to do filter mapping to each and every servlet for that area of the application the user needed a login for?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61103
    
  66

Usually, individual servlets are not mapped in the web.xml. Rather, a Front Controller pattern is used. See this article for more info on that.

In such a case, it's easy to construct URLs that adhere to any pattern you'd like. Certain patterns can be checked, and others can be ignored when checking for login credentials.
John Schretz
Ranch Hand

Joined: Sep 10, 2008
Posts: 188
yes i have read that article. i havent firmly grasped the front control pattern yet. so in my case is it possible to just map the servlets in the web.xml
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61103
    
  66

Sure it is. It just gets unwieldily once a web app starts defining even a moderate number of servlets.

For a really simple implementation of a Front Controller, you might want to check out my Front Man project (see below).
John Schretz
Ranch Hand

Joined: Sep 10, 2008
Posts: 188
ok cool i will check that out. thanks again
 
wood burning stoves
 
subject: user session questions