• Post Reply Bookmark Topic Watch Topic
  • New Topic

Controlled navigation  RSS feed

 
Sharmi Ragoth
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to control the navigation of a user - like for instance - lets says he needs to do some setup the first time he logs in or his password is about to expire, and I want him to change it etc.
I don't want the user to go to any other page, without getting through this stuff first.

What would be the best way of doing this. I already have various attributes stored in the session for flagging various other things, so I am not too keen on following the same mechanism.

Is there any way I can use the RequestProcessor to flag incoming requests and reroute it back to the same page? We extend ours from the DelegatingTilesRequestProcessor.

Thanks.
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
State management is always a challenge for applications, especially web based applications, where users can do miserable things such as bookmark pages, or type in URLs directly into the address bar.

Doing thing like using doPost methods instead of doGet methods can flag the things I just mentioned. If someone invokes a doGet, you can send them to a login page.

Also, checking to see if an HttpSession object exists, or seeing if certain objects are in the session at certain times can give you ideas on where to re-route your user. In fact, even in a perfect application, you've still got to worry about session timeouts and stuff.

Frameworks like Struts and JSF help you manage these things, but it certainly isn't done for you.

If you find a silver bullet,let me know.

-Cameron McKenzie
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Products like SiteMinder insert a filter in front of servlet processing. SiteMinder checks for a cookie that indicates you are logged in. If it's not present it can store the original request and redirect you to a login page. After login it restores the original request and goes to the original page.

I wrote a front controller servlet for a very simple subset of our application, and adding this kind of thing later was as simple as:

You can probably imagine how the controller now goes to login, and how the login command redirects to "postLogin" when it's done. There is more to it when you have to store request parameters for the next page to use.
 
Sharmi Ragoth
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Alright.. thanks for your replies.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!