Confused - MVC, JSP, Servlet interaction

 
Greenhorn
Posts: 11
Hi,
I have a good handle on the basic principles of MVC (JSP = View; Servlet = Controller; Bean = Model) but I'm confused about a number of issues:
1. Links in JSP. Should all of them go through the controller servlet, even if they are just links from one JSP to another with no change in business logic / model?
2. When a user goes to a secure page I need to enforce a logon if they are not already logged on. At the moment I have some code in a JSP that checks to see if a session variable is set, and if it isn't it does a redirect:
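=====
sLoggedIn = (String) session.getAttribute("LoggedIn");
if (sLoggedIn == null)
{
    // Not logged in: hand the request to the controller servlet ("Main")
    RequestDispatcher dispatcher = request.getRequestDispatcher("Main?action=login");
    dispatcher.forward(request, response);
    return; // stop processing the rest of this JSP after the forward
}
=====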
FYI, my controller servlet is called "Main".
In the controller servlet I check for action equals "login" and then redirect to login.jsp on a match.
Is this a good approach?
How should I pass data between the code that checks to see if the user is logged in, the controller servlet and the login.jsp page? I'd like the user to be returned to the secure page that they tried to access when they were forced to login. For example:
1. User tries to access "buy.jsp"
2. User is not logged in so they are redirected (through the controller servlet) to login.jsp
3. They enter their username and password and the form is submitted to the controller servlet.
4. The controller servlet validates the user against a database.
5. If the login fails the user is redirected to login.jsp and gets an error message. Jump to step 3.
6. If the login is successful then a session variable is set to show that they are logged in, and then they are redirected to buy.jsp
Any help you can give me would be fantastic. I'm tearing me hair out trying to do this development the "right" way.
Thanks
Darren.
 
Ranch Hand
Posts: 285
I am no expert but here is my input (more than welcome to be corrected on anything)...


1. Links in JSP. Should all of them go through the controller servlet, even if they are just links from one JSP to another with no change in business logic / model?


Though there is no hard and fast rule to say that *ALL* things must go through the controller, for example a form split over a number of pages, inevitably you do not want pages to be dependent upon one another for ease of maintenance; the flow of the app should ideally be controlled centrally.
My take on no. 2 - I would personally put the logic inside the controller to check if a buy.jsp is to be served. The person only allowed to access a particular page after validation is inevitably a business decision.
The controller should check for the existence of a session, if present use the application context to check where the request came from and send them back, else ask for user name and password and subsequently the controller delegates the task of logging into a bean.
HTH
- FK -
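
An added example (not code from any poster in this thread): one way to take the login check out of the JSP and enforce it centrally is a servlet filter mapped in web.xml only to the protected pages, which also covers returning the user to the page they asked for. `LoggedIn` and `Main?action=login` come from the question; `LoginFilter`, `loginTarget`, `completeLogin` and the default landing path are hypothetical names chosen for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter; map it to protected pages such as /buy.jsp, not to the login page. */
public class LoginFilter implements Filter {
    static final String LOGGED_IN = "LoggedIn";   // session flag used in the question
    static final String TARGET = "loginTarget";   // assumed attribute name for the saved page

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);   // do not create a session just to look
        if (session != null && session.getAttribute(LOGGED_IN) != null) {
            chain.doFilter(rq, rs);                    // already logged in: serve the page
            return;
        }
        // Save the path the container resolved for this request. It is kept in the
        // session, so the later redirect never depends on a client-supplied
        // "return to" parameter that could point at another site.
        String target = req.getServletPath();
        if (req.getQueryString() != null) {
            target += "?" + req.getQueryString();
        }
        req.getSession(true).setAttribute(TARGET, target);
        res.sendRedirect(req.getContextPath() + "/Main?action=login");
    }

    /** For the controller to call once the database check has succeeded (step 6). */
    static void completeLogin(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        HttpSession old = req.getSession(false);
        String target = (old == null) ? null : (String) old.getAttribute(TARGET);
        if (old != null) {
            old.invalidate();                          // issue a fresh session id after login
        }
        req.getSession(true).setAttribute(LOGGED_IN, "true");
        if (target == null) {
            target = "/";                              // assumed default landing path
        }
        res.sendRedirect(req.getContextPath() + target);
    }
}
```

Only GET requests are restored faithfully this way; the body of a POST that hit the filter is not replayed after login.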
 
Ranch Hand
Posts: 3695
The person only allowed to access a particular page after validation is inevitably a business decision.

I think that after Authentication (validation), whether a person is allowed access to a particular page or not is a question of Authorization.

Whether someone is authorized to view a page or not can be thought of as a business rule, but I tend to think of it more as a configuration. And luckily for us, Servlet containers have both Authentication and Authorization (A+A) capabilities.

These two Tomcat documents, even though they're Tomcat specific, provide a good introduction on an implementation of the servlet spec's A+A features.
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/realm.html

Also, check out the Servlet Spec
Servlet 2.3 Spec

Servlet 2.4 Spec
 
Faisal Khan
Ranch Hand
Posts: 285
Mike,
Thanks for correcting me, it was actually the wrong language I used which caused the confusion. What I intended to say was: deciding which pages can only be accessed by validated users is a business decision - at least that is what I was thinking. Would that be correct?
 
Mike Curwen
Ranch Hand
Posts: 3695
Hi Faisal,

I don't think you're wrong, and to argue over 'authorization' or 'business decision' is probably splitting hairs. At some point, some person or process decides who is 'authorized' to perform certain functions, or view certain pages, or parts of pages.

That decision process is called 'authorization', and of course, it's driven by someone, somewhere, making a business decision (at deploy time perhaps, or in a more dynamic system, as a runtime configurable setting).
 