aspose file tools*
The moose likes Servlets and the fly likes How to refactor session attribute and request parameter processing ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to refactor session attribute and request parameter processing ?" Watch "How to refactor session attribute and request parameter processing ?" New topic
Author

How to refactor session attribute and request parameter processing ?

Peter van Nes
Greenhorn

Joined: Jun 09, 2010
Posts: 29
Hi,

I am currently in the last stage of my java programmer certification and working on a final assignment, designing and developing a web based application using (among others) J2EE and JSTL. So i have some knowledge but have still quite some to learn...

In my application i have 2 servlets, both extending the HttpServlet and having a doGet and a doPost method. All 4 methods do have more or less the same statements to process request parameters and session attributes, for example to detect if the user is authenticated or has admin privileges, like in the snippet below.

Is there a good way to prevent multiplication of this code. I do not see any advantages to bring this code into an external class, because processing al return information also will bring you to the same number of statements. Only advantage here is that the logic is in one place. Using attributes is also no option because attributes are shared among all sessions since each session is an instance (thread) of the HttpServlet class. Are there any good practices regarding my issue (google around on request parameters , session attributes and refactoring but did not find any good topic..)



Cheers Peter
Ram Narayan.M
Ranch Hand

Joined: Jul 11, 2010
Posts: 247

Are you using Database Tables to store the User details?... If so, you can pass the user details and query the tables...


SCJP 6 [SCJP - Old is Gold]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61756
    
  67

Peter van Nes wrote:for example to detect if the user is authenticated or has admin privileges..

For this particular case, this is something that would be much better handled by a filter rather than within the servlets themselves.

That would not only be a better application of the principle of Separation of Concerns, but would solve your repeat-code problem.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Peter van Nes
Greenhorn

Joined: Jun 09, 2010
Posts: 29
@ Ram Narayan.M; Yes username and SHA digest of password are stored in the Db. I already use a servlet to handle the authentication using the DB so do not quite understand how this answers my question.

@Bear Bibeault; Interesting feature i not have knowledge of. But short examination of web.xml documentation shows that you can filter the access to an servlet (or path) using a defined class. For my example code which i indeed use, i will see if i am able to implement this before the deadline of the assignment. (Thanks ! would never have implemented security at this level without the hint.) Still... i have other session attributes not related to authentication/authorization. So my question stands, are there any good practices regarding preventing code duplication processing session attributes and/or request parameters?

cheers,

Peter
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to refactor session attribute and request parameter processing ?