GeeCON Prague 2014*
The moose likes Servlets and the fly likes Application flow Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "Application flow" Watch "Application flow" New topic
Author

Application flow

Eduardo Bueno
Ranch Hand

Joined: Jun 04, 2009
Posts: 155
Hello ranchers,

I'm trying to develop a simple application with Servlet and JSP. I'm using a controller approach, like FrontMan.

Let's say my first action is "/login.do". My ControllerServlet will call LoginCommand which will handle all business logic and forward the request to my search page. So, what is the better way here? Should I use forward command along with my page's URI, like this:


Right now my application is implemented like that, but I'm not sure if I'm in the right track.

Also, I want to know how to "remove" the command from the URI when doing a forward like above.
Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
I'm not too sure what 'command' you mean?

Do you mean passing the jsp page as a request parameter ? This is not a good idea, since it can easily be manipulated and result in weird outputs and also security leaks.


JDBCSupport - An easy to use, light-weight JDBC framework -
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61298
    
  66

Eduardo Bueno wrote:Right now my application is implemented like that, but I'm not sure if I'm in the right track.


Whether to forward or redirect depends on whether the command that was executed is idempotent or not. For example, you don;t want to forward after a delete operation because hitting the refresh button will re-execute the delete command.

Take a look at this article paying particular attention to the PRG pattern explanation.

Also, I want to know how to "remove" the command from the URI when doing a forward like above.

You don't. Whatever the most recent URI that was sent by the browser is what will appear in the address bar. Trying to change it is useless. Rather, adhere to PRG as described in the article so that there are never any hanging time bombs in the displayed URI.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Vikas Kapoor
Ranch Hand

Joined: Aug 16, 2007
Posts: 1374
Eduardo Bueno wrote: Should I use forward command along with my page's URI, like this:

You can pass various information through various ways one of them is passing command to JSP.
Eduardo Bueno wrote:Also, I want to know how to "remove" the command from the URI when doing a forward like above.



In general, it's standard way to follow MVC Architecture.

(Darn, I am late)
Eduardo Bueno
Ranch Hand

Joined: Jun 04, 2009
Posts: 155
Bear Bibeault wrote:
Whether to forward or redirect depends on whether the command that was executed is idempotent or not. For example, you don;t want to forward after a delete operation because hitting the refresh button will re-execute the delete command.

Take a look at this article paying particular attention to the PRG pattern explanation.

Also, I want to know how to "remove" the command from the URI when doing a forward like above.

You don't. Whatever the most recent URI that was sent by the browser is what will appear in the address bar. Trying to change it is useless. Rather, adhere to PRG as described in the article so that there are never any hanging time bombs in the displayed URI.

I don't get the point at all when reading to your article. In theory it is beautiful, but I'm lost when it comes to practice.

The application starts with Login.jsp page. I enter username and password, Spring security validates it and then redirect to the URI I desire if no errors occur. This URI is set to "Login.do", so it will go by my Controller (which is mapped with "*.do"). The way I am discerning commands is using request.getServletPath(). This first time, "Login.do", will insert the user as an attribute in the session and forward to "Search.do", so it goes again by my Controller, this time doing the SearchCommand business logic, which then forwards to the JSP page.

Note that I didn't use any redirect here, since there is no state change, just data fetching.
My problem is now when the JSP has already shown the data to the user: any submit that is done will again execute the login command, because the URI is set to "MyProject/Login.do".

My conclusion is that using request.getServletPath() to discern between commands is not a good approach. So, does anyone have a good recommendation?
Vikas Kapoor
Ranch Hand

Joined: Aug 16, 2007
Posts: 1374
Ok so you are using Spring MVC.
Which controller you are using?
My conclusion is that using request.getServletPath() to discern between commands is not a good approach. So, does anyone have a good recommendation?
I am also using Spring and I have never faced this problem. You can bind command to your controller i.e. your request.

Note that I didn't use any redirect here, since there is no state change, just data fetching.
My problem is now when the JSP has already shown the data to the user: any submit that is done will again execute the login command, because the URI is set to "MyProject/Login.do".

How come it will execute login controller again? It will execute the controller based on the mapping and the "string" that you have specified in action attribute of form tag. But by 'Submit' if you are referring the page refresh (through browser) then yes it will execute login controller again. To avoid that and to change the URI you can redirect to home page after successful login and map to home controller with mapping like home.do.

Is this what you are asking?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61298
    
  66

If Login.do will re-execute an undesirable action, it should never be the end point of the request.
Eduardo Bueno
Ranch Hand

Joined: Jun 04, 2009
Posts: 155
I'm not using Spring MVC, where did you take that from? I said I'm using Spring security, these are totally different things.

Please read the post carefully, you are making it really confuse. It will execute login command again, not controller; the controller is always the same. This happens because the URI is MyProject/Login.do, the one Spring security redirected to after validating the login, and the one I desire changing because the forward command is not able to do it.

Bear Bibeault wrote:If Login.do will re-execute an undesirable action, it should never be the end point of the request.

The problem is Login.do will be called by Spring security, and I'm almost sure this is a redirect because it changes the browser's URI. So, should I redirect to Search.do (the home page) after my business logic in LoginCommand? If I do this I will lose every request scope attribute that I need in SearchCommand.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61298
    
  66

Eduardo Bueno wrote:So, should I redirect to Search.do (the home page) after my business logic in LoginCommand?

Yes. That breaks the request chain so that a refresh can not call up the previous, undesirable action.

If I do this I will lose every request scope attribute that I need in SearchCommand.

Then they are being set in the wrong place. They should be set in what action serves as the page controller for the search page, which should be the target of the redirect.

What do the search scoped variables have to do with login? Nothing. The logic for search should not be closely coupled with that of login.
Eduardo Bueno
Ranch Hand

Joined: Jun 04, 2009
Posts: 155
Thanks Bear and others for the answers, I got the point.
 
GeeCON Prague 2014
 
subject: Application flow