Exact Front Controller In Realtime

Could you please help me in solving my FrontController issue.

My requirement is once the user logged in, i would like to take the user to LoginServlet, create HttpSession and store user credentials, send him to HomePage. Here user will select different buttons or hyperlinks. My problem is the FrontController going into infinite loop. Its not actually taking the user to required resouce/servlet.

I have provided the code below.

web.xml:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>

<servlet>
<servlet-name>FrontControllerServlet</servlet-name>
<servlet-class>com.training.servlets.day6.FrontControllerServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>FrontControllerServlet</servlet-name>
<url-pattern>/success/*</url-pattern>
</servlet-mapping>

<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.training.servlets.day6.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>

<servlet>
<servlet-name>HomePage</servlet-name>
<servlet-class>com.training.servlets.day6.HomePage</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>HomePage</servlet-name>
<url-pattern>/success/HomePage</url-pattern>
</servlet-mapping>

<servlet>
<servlet-name>DisplayHtmlAndReadData</servlet-name>
<servlet-class>com.training.servlets.day6.DisplayHtmlAndReadData</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DisplayHtmlAndReadData</servlet-name>
<url-pattern>/success/LoginServlet</url-pattern>
</servlet-mapping>

<welcome-file-list>
<welcome-file>/htmls/LoginPage.html</welcome-file>
</welcome-file-list>

</web-app>

Front Controller Servlet:

public class FrontControllerServlet extends HttpServlet {
	   
	  public void doGet(HttpServletRequest req, HttpServletResponse res)
	                               throws ServletException, IOException {
		  System.out.println("Front Controller called.");
		  
		  res.setContentType("text/html");
	      PrintWriter out = res.getWriter();

//This line will give a session if it already created else returns null value.
	    HttpSession session = req.getSession(false);
	    
	    if(session == null || (session != null && session.getAttribute("LoggedInUser") == null))
	    {
	    	System.out.println("User not logged In.");
	    	 session = req.getSession(true);
	    	//Forward the user to the login page.
	    	RequestDispatcher dispacher = req.getRequestDispatcher("/htmls/LoginPage.html");
	    	dispacher.forward(req, res);
	    	
	    }else
	    {
	    	System.out.println("User logged In.");
	    	
	    	RequestDispatcher dispacher = req.getRequestDispatcher(req.getServletPath());
	    	dispacher.forward(req, res);
	    }

}
}

Login Page:

Login Servlet:

HomePage Servlet:

Could you please correct my code, suggest me a solution?

Thanks.

I'm not sure your about for what purpose you are using the FC here. You have mapped the FC to "/success/*" and from login servlet you are sending "/success/HomePage" for an authenticated user...?

Hi Vijitha

What my requirement in this exercise is:

I would like to allow the user to access LoginPage and LoginServlet, it does not harm/ no authorization required. If the user try to access LoginPage and LoginServlet in the browser directly like http://host:post/MyApp/LoginPage.html or http://host:post/MyApp/LoginServlet It wont harm much because we are asking the user to login if no user session exist.

All what i am trying to implement is other than LoginPage and LoginServlet i dont want to allow the user to access Urls/WebApp resources directly, i want to restrict the user. So i would like to use a gate keeper that is Front Controller, where i would like to check the HttpSession created and user logged in or not then only i want to allow the user that particular page.

Because i have given /success/* for Front Controller for every request that i forward from Front Controller its again looing into Front Controller instead of going to user request resource after vaidating User Session in Front Controller.

I unserstood that i did not do Front Controller configuration. Could you please suggest a correction or a solution.

Thank very much in advance please help me!

A Front Controller is usually not used for security access purposes. A servlet filter is a better tool for that job.

I can suggest one.

Use the J2EE standard security system instead of trying to create/debug/maintain your own. It's already functional, handles most security needs, doesn't have the security holes that every do-it-yourself security system has, and it frees up your time to work on the app and not on re-inventing something that already exists.

Case in point: I'd wager that your login service is recursing on itself.

Tim Holloway wrote:Use the J2EE standard security system instead of trying to create/debug/maintain your own.

Or that!

Hi Bear Bibeault,

Do you think if i move the same code to Servlet Filter instead of Servelt(Front Controller). So what would be the Url-Pattern should i configure in web.xml in my example?

Actually i am developing a sample application, I am not actually looking for any security implemenation. Just i want to know whetehr user loggedin or not every time when he try to access something. This is what my whole intension.

Please advice.

If i use Filter instead my own Front Controller Servlet then its working. I given Url-Pattern like /success/* Whatever i access the resouces under /success its going to Filter, checking the User Session and forwarding to corresponding resource that user requested.

I wonder. How that makes difference If i write my own controller in the .forward() and use the existing filer and .forward().

If the filters are fulfilling my purpose why they have introduced some other design pattern called Front Controller. If you say both are same. Could you please advice me how to change my URL pattern so that the Front Controller that i have written is going work exactly like the Filter to forward the resouce that i want if it is correct. Else to login page or error page.

Appreciate your help.

I see that you are checking for session.getAttribute("LoggedInUser") if session!= null, where are you setting that attribute.

In web.xml you have URL mapping /success/LoginServlet that is mapping to DisplayHtmlAndReadData servlet. That is not correct. or at least that may not work

And regarding Front Controller Vs Intercepting Filter

Front Controller:

In any web application, you would either

request a resource

or

submit a form/ an action

Whenever a servlet processes a request, here are the most common things it does

convert request parameters from String to appropriate data type you need

validate request parameters, so it has to invoke appropriate validator

create a java bean from request parameters if needed

Invoke appropriate business logic handler

handle exceptions and redirect to error pages

dispatch to appropriate view

There are several other things that are done, but I listed only simple ones.

So if you don't have Front Controller, you would be duplicating several lines of code in all your servlets. For example in all your servlet you call getRequestDispatcher and the only difference is view name that you are forwarding to.

And if Front Controller does all that for you with some configuration files, then you will only be worried about business logic, not all this request handling stuff.

You can check how ActionServlet in Struts Framework or DispatcherServlet in SpringFramework works. Both of these implement Front Controller design pattern.

Intercepting Filter
Intercepting filter is useful when you have some pluggable feature which also applies several things (cross-cutting concern).

Lets say you want the authentication feature now and some time later you don't want it. If you implement this feature in Front Controller, you will have to modify the code, where as if you have it as filter, you will just change the configuration so that filter won't get invoked and no code changes. You can reapply it if you want that later. But with Front Controller, you have to re-code again.

I hope I answered your question.

I my local machine i have correct code only but i pasted old code earlier. Now i did corrections in my code here:

web.xml

<?xml version="1.0" encoding="UTF-8"?>   
  
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">   
  
<web-app>   
  
   
<servlet>   
<servlet-name>FrontControllerServlet</servlet-name>   
<servlet-class>com.training.servlets.day6.FrontControllerServlet</servlet-class>   
</servlet>   
<servlet-mapping>   
<servlet-name>FrontControllerServlet</servlet-name>   
<url-pattern>/success/*</url-pattern>   
</servlet-mapping>   
   
  
   
<servlet>   
<servlet-name>LoginServlet</servlet-name>   
<servlet-class>com.training.servlets.day6.LoginServlet</servlet-class>   
</servlet>   
<servlet-mapping>   
<servlet-name>LoginServlet</servlet-name>   
<url-pattern>/LoginServlet</url-pattern>   
</servlet-mapping>   
   
  
   
<servlet>   
<servlet-name>HomePage</servlet-name>   
<servlet-class>com.training.servlets.day6.HomePage</servlet-class>   
</servlet>   
<servlet-mapping>   
<servlet-name>HomePage</servlet-name>   
<url-pattern>/success/HomePage</url-pattern>   
</servlet-mapping>   
   
  
   
<servlet>   
<servlet-name>DisplayHtmlAndReadData</servlet-name>   
<servlet-class>com.training.servlets.day6.DisplayHtmlAndReadData</servlet-class>   
</servlet>   
<servlet-mapping>   
<servlet-name>DisplayHtmlAndReadData</servlet-name>   
<url-pattern>/success/DisplayHtmlAndReadData </url-pattern>   
</servlet-mapping>   
   
  
<welcome-file-list>   
<welcome-file>/htmls/LoginPage.html</welcome-file>   
</welcome-file-list>   
  
</web-app>

LoginServlet.java

public class LoginServlet extends HttpServlet {

public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException 
	{
		res.setContentType("text/html");
		PrintWriter out = res.getWriter();

String userName = req.getParameter("userName");
		String password = req.getParameter("password");

if (authenticateUser(userName, password, req)) 
		{
			req.getRequestDispatcher("/success/HomePage").forward(req, res);

} else 
		{
			out.println("<HTML><HEAD><TITLE>Access Denied</TITLE></HEAD>");
			out.println("<BODY>Your User Name and Password are invalid.<BR>");
			out.println("Please click here to try again<A  + req.getContextPath() + "/htmls/LoginPage.html\">try again</A>");
			out.println("</BODY></HTML>");
			//if you want you can create another servlet and call to show as a login failure page
			//res.sendRedirect("/Servlets/LoginFailure");

}
	}

private boolean authenticateUser(String userName, String password, HttpServletRequest request) 
	{
		System.out.println("-----Your login credentials are: " + userName + ", " + password);
		//Connect to Database and check whether the user exist or not in the list.
		boolean isUserExist = false;

// Get the current session object, create one if necessary

//These two commented line creates the session if already not exist.
		//HttpSession session = req.getSession();
		//HttpSession session = req.getSession(true);
		HttpSession httpSession = request.getSession(false);
		
		if (httpSession == null || (httpSession != null && httpSession.getAttribute("LoggedInUser") == null)) 
		{
			System.out.println("Session not exist for this user.");
			
			if (userName.equals("Murali") && password.equals("Kankanala")) 
			{
				System.out.println("We found the user in the database.");
				System.out.println("Creating a new HttpSession for this user.");
				
				httpSession = request.getSession(true);
				httpSession.setMaxInactiveInterval(60);
				
				httpSession.setAttribute("LoggedInUser", userName);
				isUserExist = true;

} else 
			{
				System.out.println("We could not found the user in the database. Redirecting to login page.");
				isUserExist = false;
			}

} else 
		{			
			System.out.println("User already exist and session is also exist.");
			isUserExist = true;
		}

return isUserExist;
	}

}

Thank you very much for you patiency. I am not 100% satisfied with the answer only because i did not get the solution for my Front Controller in terms of servlets. But you are giving different framework suggestions. I knew struts framework how to use and i knew Spring how to use. Here all i need to a correction to my Front Controller to be worked.

Appreciate.

Okay I guess I took the wrong path to explain.

- I don't think you can force all requests to go through FrontControllerServlet first based on your current URL mappings

Here is how URL/Servlet mapping works in order

1. If the request URL matches one of the exact mapping, that exact mapping is used
(example /success/DisplayHtmlAndReadData will go to DisplayHtmlAndReadData servlet directly, and will not
go through FrontControllerServlet first)
2. If there is no exact match, container will choose the longest path match
3. If there is no longest path match, it will check for extension(*.jsp) match.
4. If there is no extension match, it will use default mapping used.
5. If none found, error is thrown

So I am not sure why it is going into infinite loop for you. Once you login successfully, it will never go to FrontControllerServlet
and instead goes HomePage and then DisplayHtmlAndReadData

If you want all requests to go through FrontControllerServlet, you will have to map only FrontControllerServlet in your web.xml