Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to refactor session attribute and request parameter processing ?

 
Peter van Nes
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am currently in the last stage of my java programmer certification and working on a final assignment, designing and developing a web based application using (among others) J2EE and JSTL. So i have some knowledge but have still quite some to learn...

In my application i have 2 servlets, both extending the HttpServlet and having a doGet and a doPost method. All 4 methods do have more or less the same statements to process request parameters and session attributes, for example to detect if the user is authenticated or has admin privileges, like in the snippet below.

Is there a good way to prevent multiplication of this code. I do not see any advantages to bring this code into an external class, because processing al return information also will bring you to the same number of statements. Only advantage here is that the logic is in one place. Using attributes is also no option because attributes are shared among all sessions since each session is an instance (thread) of the HttpServlet class. Are there any good practices regarding my issue (google around on request parameters , session attributes and refactoring but did not find any good topic..)



Cheers Peter
 
Ram Narayan.M
Ranch Hand
Posts: 247
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you using Database Tables to store the User details?... If so, you can pass the user details and query the tables...
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65218
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Peter van Nes wrote:for example to detect if the user is authenticated or has admin privileges..

For this particular case, this is something that would be much better handled by a filter rather than within the servlets themselves.

That would not only be a better application of the principle of Separation of Concerns, but would solve your repeat-code problem.

 
Peter van Nes
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@ Ram Narayan.M; Yes username and SHA digest of password are stored in the Db. I already use a servlet to handle the authentication using the DB so do not quite understand how this answers my question.

@Bear Bibeault; Interesting feature i not have knowledge of. But short examination of web.xml documentation shows that you can filter the access to an servlet (or path) using a defined class. For my example code which i indeed use, i will see if i am able to implement this before the deadline of the assignment. (Thanks ! would never have implemented security at this level without the hint.) Still... i have other session attributes not related to authentication/authorization. So my question stands, are there any good practices regarding preventing code duplication processing session attributes and/or request parameters?

cheers,

Peter
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic