I am currently in the last stage of my java programmer certification and working on a final assignment, designing and developing a web based application using (among others) J2EE and JSTL. So i have some knowledge but have still quite some to learn...
In my application i have 2 servlets, both extending the HttpServlet and having a doGet and a doPost method. All 4 methods do have more or less the same statements to process request parameters and session attributes, for example to detect if the user is authenticated or has admin privileges, like in the snippet below.
Is there a good way to prevent multiplication of this code. I do not see any advantages to bring this code into an external class, because processing al return information also will bring you to the same number of statements. Only advantage here is that the logic is in one place. Using attributes is also no option because attributes are shared among all sessions since each session is an instance (thread) of the HttpServlet class. Are there any good practices regarding my issue (google around on request parameters , session attributes and refactoring but did not find any good topic..)
@ Ram Narayan.M; Yes username and SHA digest of password are stored in the Db. I already use a servlet to handle the authentication using the DB so do not quite understand how this answers my question.
@Bear Bibeault; Interesting feature i not have knowledge of. But short examination of web.xml documentation shows that you can filter the access to an servlet (or path) using a defined class. For my example code which i indeed use, i will see if i am able to implement this before the deadline of the assignment. (Thanks ! would never have implemented security at this level without the hint.) Still... i have other session attributes not related to authentication/authorization. So my question stands, are there any good practices regarding preventing code duplication processing session attributes and/or request parameters?
Wink, wink, nudge, nudge, say no more, it's a tiny ad: