• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Paul Clapham
  • Jeanne Boyarsky
  • Knute Snortum
Sheriffs:
  • Liutauras Vilda
  • Tim Cooke
  • Junilu Lacar
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Joe Ess
  • salvin francis
  • fred rosenberger

How to refactor session attribute and request parameter processing ?

 
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am currently in the last stage of my java programmer certification and working on a final assignment, designing and developing a web based application using (among others) J2EE and JSTL. So i have some knowledge but have still quite some to learn...

In my application i have 2 servlets, both extending the HttpServlet and having a doGet and a doPost method. All 4 methods do have more or less the same statements to process request parameters and session attributes, for example to detect if the user is authenticated or has admin privileges, like in the snippet below.

Is there a good way to prevent multiplication of this code. I do not see any advantages to bring this code into an external class, because processing al return information also will bring you to the same number of statements. Only advantage here is that the logic is in one place. Using attributes is also no option because attributes are shared among all sessions since each session is an instance (thread) of the HttpServlet class. Are there any good practices regarding my issue (google around on request parameters , session attributes and refactoring but did not find any good topic..)



Cheers Peter
 
Ranch Hand
Posts: 247
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you using Database Tables to store the User details?... If so, you can pass the user details and query the tables...
 
Marshal
Posts: 67339
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Peter van Nes wrote:for example to detect if the user is authenticated or has admin privileges..


For this particular case, this is something that would be much better handled by a filter rather than within the servlets themselves.

That would not only be a better application of the principle of Separation of Concerns, but would solve your repeat-code problem.

 
Peter van Nes
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@ Ram Narayan.M; Yes username and SHA digest of password are stored in the Db. I already use a servlet to handle the authentication using the DB so do not quite understand how this answers my question.

@Bear Bibeault; Interesting feature i not have knowledge of. But short examination of web.xml documentation shows that you can filter the access to an servlet (or path) using a defined class. For my example code which i indeed use, i will see if i am able to implement this before the deadline of the assignment. (Thanks ! would never have implemented security at this level without the hint.) Still... i have other session attributes not related to authentication/authorization. So my question stands, are there any good practices regarding preventing code duplication processing session attributes and/or request parameters?

cheers,

Peter
 
Wink, wink, nudge, nudge, say no more, it's a tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!