
user session questions

 
John Schretz
Ranch Hand
Posts: 188
I am creating the admin portion of my site. When the user logs in I set the user object to the session. In my servlet that I use for the admin part of the site I always first check to see if the user is null.

If the user is null i redirect back to the login page.

1. Do I need to set the user in the session only once, or do I have to do

session.getAttribute("user")

Check for null

then session.setAttribute("user") in every single servlet that is in the admin portion of my app?

2. Should I also be checking to see if the user is null on all the JSP pages or just in the servlets?

3. Does every page have to be no-cached?

I am getting weird instances where I am navigating through and I get thrown back to the login page without logging out.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64617
1. Only once.

2. Neither. This is best performed in a filter.

3. Only pages you don't want cached (e.g. anything with active data).
 
John Schretz
Ranch Hand
Posts: 188
Thanks.

I saw some info about the filters, but not any good examples. Do you have any links or short examples you could point me to on the best way to achieve that?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64617
Google "servlet filter". Lotsa good info out there!
 
John Schretz
Ranch Hand
Posts: 188
OK, read some useful stuff.
A few more questions:

1. Do you have to use form-based authentication like j_security_check, or can I use my database?

2. Should all the JSP pages be in a separate folder when using the filter,
e.g. an admin folder?

Thanks again.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64617
1. No. I never do. I roll my own authentication for maximum flexibility.

2. I never directly address a JSP. I always use a servlet page controller (Model 2). So filters only get applied to servlet URL mappings, never JSPs.
 
John Schretz
Ranch Hand
Posts: 188
OK, the sample code I was looking at used a folder called secure, and all the JSP files that you needed a login to get to were in that folder. If I do it using servlets, do I need to do filter mapping to each and every servlet for the area of the application the user needs a login for?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64617
Usually, individual servlets are not mapped in the web.xml. Rather, a Front Controller pattern is used. See this article for more info on that.

In such a case, it's easy to construct URLs that adhere to any pattern you'd like. Certain patterns can be checked, and others can be ignored when checking for login credentials.
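
A login-check filter of the kind recommended in this thread, as an added example that is not code from any poster or from the linked article. It assumes the javax.servlet API, the "user" session attribute from the original question, a hypothetical /login path, and a filter mapped to /* in web.xml.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: one filter guards every URL it is mapped to, so individual
// servlets (and the JSPs they forward to) need no login check of their own.
public class LoginFilter implements Filter {
    // Assumed name, not from the thread: the only path served without a login.
    private static final String LOGIN_PATH = "/login";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Use the container-decoded path, not the raw request URI, and match
        // the public path exactly so everything else is denied by default.
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);
        if (LOGIN_PATH.equals(path)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false): never create a session just to test for a login.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        if (user == null) {
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return; // stop here: the protected resource is never invoked
        }

        // Pages behind the login carry active data, so keep them out of caches.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The user object is set in the session once, by the login servlet; this filter only reads it. An expired session shows up here as a null session or a missing attribute, which sends the browser back to the login page.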
 
John Schretz
Ranch Hand
Posts: 188
Yes, I have read that article. I haven't firmly grasped the front control pattern yet. So in my case is it possible to just map the servlets in the web.xml?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64617
Sure it is. It just gets unwieldy once a web app starts defining even a moderate number of servlets.

For a really simple implementation of a Front Controller, you might want to check out my Front Man project (see below).
 
John Schretz
Ranch Hand
Posts: 188
OK cool, I will check that out. Thanks again.
 