aspose file tools*
The moose likes Servlets and the fly likes Exact Front Controller In Realtime Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Exact Front Controller In Realtime" Watch "Exact Front Controller In Realtime" New topic
Author

Exact Front Controller In Realtime

murali kankanala
Ranch Hand

Joined: Nov 15, 2004
Posts: 110
Could you please help me in solving my FrontController issue.

My requirement is once the user logged in, i would like to take the user to LoginServlet, create HttpSession and store user credentials, send him to HomePage. Here user will select different buttons or hyperlinks. My problem is the FrontController going into infinite loop. Its not actually taking the user to required resouce/servlet.

I have provided the code below.

web.xml:


Front Controller Servlet:



Login Page:



Login Servlet:



HomePage Servlet:



Could you please correct my code, suggest me a solution?

Thanks.
Vijitha Kumara
Bartender

Joined: Mar 24, 2008
Posts: 3837

I'm not sure your about for what purpose you are using the FC here. You have mapped the FC to "/success/*" and from login servlet you are sending "/success/HomePage" for an authenticated user...?


SCJP 5 | SCWCD 5
[How to ask questions] [Twitter]
murali kankanala
Ranch Hand

Joined: Nov 15, 2004
Posts: 110
Hi Vijitha

What my requirement in this exercise is:

I would like to allow the user to access LoginPage and LoginServlet, it does not harm/ no authorization required. If the user try to access LoginPage and LoginServlet in the browser directly like http://host:post/MyApp/LoginPage.html or http://host:post/MyApp/LoginServlet It wont harm much because we are asking the user to login if no user session exist.

All what i am trying to implement is other than LoginPage and LoginServlet i dont want to allow the user to access Urls/WebApp resources directly, i want to restrict the user. So i would like to use a gate keeper that is Front Controller, where i would like to check the HttpSession created and user logged in or not then only i want to allow the user that particular page.

Because i have given /success/* for Front Controller for every request that i forward from Front Controller its again looing into Front Controller instead of going to user request resource after vaidating User Session in Front Controller.

I unserstood that i did not do Front Controller configuration. Could you please suggest a correction or a solution.


Thank very much in advance please help me!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413
    
  67

A Front Controller is usually not used for security access purposes. A servlet filter is a better tool for that job.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16137
    
  21

I can suggest one.

Use the J2EE standard security system instead of trying to create/debug/maintain your own. It's already functional, handles most security needs, doesn't have the security holes that every do-it-yourself security system has, and it frees up your time to work on the app and not on re-inventing something that already exists.

Case in point: I'd wager that your login service is recursing on itself.


Customer surveys are for companies who didn't pay proper attention to begin with.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413
    
  67

Tim Holloway wrote:Use the J2EE standard security system instead of trying to create/debug/maintain your own.

Or that!
murali kankanala
Ranch Hand

Joined: Nov 15, 2004
Posts: 110
Hi Bear Bibeault,

Do you think if i move the same code to Servlet Filter instead of Servelt(Front Controller). So what would be the Url-Pattern should i configure in web.xml in my example?

Actually i am developing a sample application, I am not actually looking for any security implemenation. Just i want to know whetehr user loggedin or not every time when he try to access something. This is what my whole intension.


Please advice.

murali kankanala
Ranch Hand

Joined: Nov 15, 2004
Posts: 110
If i use Filter instead my own Front Controller Servlet then its working. I given Url-Pattern like /success/* Whatever i access the resouces under /success its going to Filter, checking the User Session and forwarding to corresponding resource that user requested.

I wonder. How that makes difference If i write my own controller in the .forward() and use the existing filer and .forward().


murali kankanala
Ranch Hand

Joined: Nov 15, 2004
Posts: 110
If the filters are fulfilling my purpose why they have introduced some other design pattern called Front Controller. If you say both are same. Could you please advice me how to change my URL pattern so that the Front Controller that i have written is going work exactly like the Filter to forward the resouce that i want if it is correct. Else to login page or error page.


Appreciate your help.
Rajkishore Pujari
Ranch Hand

Joined: Sep 03, 2005
Posts: 46
  • I see that you are checking for session.getAttribute("LoggedInUser") if session!= null, where are you setting that attribute.
  • In web.xml you have URL mapping /success/LoginServlet that is mapping to DisplayHtmlAndReadData servlet. That is not correct. or at least that may not work




  • Rajkishore Pujari
    Ranch Hand

    Joined: Sep 03, 2005
    Posts: 46
    And regarding Front Controller Vs Intercepting Filter


    Front Controller:

    In any web application, you would either

  • request a resource
  • or
  • submit a form/ an action


  • Whenever a servlet processes a request, here are the most common things it does
  • convert request parameters from String to appropriate data type you need
  • validate request parameters, so it has to invoke appropriate validator
  • create a java bean from request parameters if needed
  • Invoke appropriate business logic handler
  • handle exceptions and redirect to error pages
  • dispatch to appropriate view


  • There are several other things that are done, but I listed only simple ones.

    So if you don't have Front Controller, you would be duplicating several lines of code in all your servlets. For example in all your servlet you call getRequestDispatcher and the only difference is view name that you are forwarding to.

    And if Front Controller does all that for you with some configuration files, then you will only be worried about business logic, not all this request handling stuff.


    You can check how ActionServlet in Struts Framework or DispatcherServlet in SpringFramework works. Both of these implement Front Controller design pattern.

    Intercepting Filter
    Intercepting filter is useful when you have some pluggable feature which also applies several things (cross-cutting concern).

    Lets say you want the authentication feature now and some time later you don't want it. If you implement this feature in Front Controller, you will have to modify the code, where as if you have it as filter, you will just change the configuration so that filter won't get invoked and no code changes. You can reapply it if you want that later. But with Front Controller, you have to re-code again.

    I hope I answered your question.
    murali kankanala
    Ranch Hand

    Joined: Nov 15, 2004
    Posts: 110
    I my local machine i have correct code only but i pasted old code earlier. Now i did corrections in my code here:

    web.xml


    LoginServlet.java


    Thank you very much for you patiency. I am not 100% satisfied with the answer only because i did not get the solution for my Front Controller in terms of servlets. But you are giving different framework suggestions. I knew struts framework how to use and i knew Spring how to use. Here all i need to a correction to my Front Controller to be worked.

    Appreciate.
    Rajkishore Pujari
    Ranch Hand

    Joined: Sep 03, 2005
    Posts: 46
    Okay I guess I took the wrong path to explain.

    - I don't think you can force all requests to go through FrontControllerServlet first based on your current URL mappings

    Here is how URL/Servlet mapping works in order

    1. If the request URL matches one of the exact mapping, that exact mapping is used
    (example /success/DisplayHtmlAndReadData will go to DisplayHtmlAndReadData servlet directly, and will not
    go through FrontControllerServlet first)
    2. If there is no exact match, container will choose the longest path match
    3. If there is no longest path match, it will check for extension(*.jsp) match.
    4. If there is no extension match, it will use default mapping used.
    5. If none found, error is thrown


    So I am not sure why it is going into infinite loop for you. Once you login successfully, it will never go to FrontControllerServlet
    and instead goes HomePage and then DisplayHtmlAndReadData

    If you want all requests to go through FrontControllerServlet, you will have to map only FrontControllerServlet in your web.xml
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: Exact Front Controller In Realtime