Hi, how can i access a session attribute from a class that implements the Filter interface???. I'm able to get de ServletContext but i cannot access the session. I want to check the existence of a session attribute named user so i can filter the access to certain servlets. Is this correct?:
Thanks. [ March 28, 2006: Message edited by: Anibal Smith ]
I suppose that because the reference i got in the doFilter method is of the type ServletRequest and that reference doesn't have a reference to a session, the method getAttribute of the reference returns a request attribute, So i thought i could make a cast like this: HttpServletRequest httpRequest = (HttpServletRequest) request; and then access a session attribute through httpRequest like this: httpRequest.getSession().getAttribute("user"); Is this a valid way to do it?.
Are we saying, "because the reference in doFilter() method is of type ServletRequest therefore it doesn't have a reference to a session"?
If yes then why is it like that. I never read something like this anywhere or might be i missed the point. But when the argument is a HttpServletRequest instance, no matter if it takes it in a parent type, it should return the session object.
Bear, could you please explain this? and please refer me something to read. I have gone through the servlet 2.4 specs, but unable to find this.
[Edited] I just tried to get the session from request attribute in doFilter() method, and its working for me like boom. [ March 29, 2006: Message edited by: Adeel Ansari ]
HttpServletRequest extends ServletRequest. If check the Java API
ServletRequest does not have a getSession method. it is specific to HttpServletRequest (http is a stateless protocol so that you can use session object to maintain client state)
Originally posted by ak pillai: HttpServletRequest extends ServletRequest. If check the Java API
ServletRequest does not have a getSession method. it is specific to HttpServletRequest (http is a stateless protocol so that you can use session object to maintain client state)
What are you talking about? Please read previous posts carefully.
No, request.getSession() without parameters will create a new session, so it can be not desirable side effect. I'd recommend to use request.getSession(false) and then check for null.
Originally posted by dema rogatkin: No, request.getSession() without parameters will create a new session, so it can be not desirable side effect. I'd recommend to use request.getSession(false) and then check for null.
Originally posted by Pradip Bhat: Only if you cast it to HttpServletRequest. ServetRequest does not have a getSession method.
Yes, thats what he was already doing.
[Edited] See OP's first post. Though he/she edited the post, but the code in that post is there from the very begining. [ March 29, 2006: Message edited by: Adeel Ansari ]
Post by:autobot
Today you are you, that is turer than true. There is no one alive who is youer than you! - Seuss. Tiny ad:
a bit of art, as a gift, the permaculture playing cards