I want to centralized security check for each jsp page(not only
action) in our controller. If I map the jsp page to an logical
name, user may still be able to bypass the security check by going
to the jsp page directly.
Another goal is to maintain common look and feel. I do not want
each jsp page developer to include template.jsp. I want it be
enforced by the controller. So that jsp page developer can concentrate
on their task only.
The implementation of RequestDispatcher.forward()/include() does not
looks right to me. I mean if the jsp page comes from my controller,
it should not go back to it again. Is this a bug?
Thanks,
kevin
-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 6:30 PM
To: [EMAIL PROTECTED]
Subject: Re: question about RequestDispatcher.forward() in tomcat
What I do in the Struts framework <http://jakarta.apache.org/struts>,
which implements the MVC pattern you are talking about, is map a
different extension for the logical actions (normally, these will be the
values you use for hyperlinks and form submits). I like to use "*.do"
because it implies "go do something".
That way, I leave the mappings for the JSP pages set to the JSP servlet,
as it normally is.
Craig McClanahan
"Chen, Kevin" wrote:
> I am trying to implement a MVC system. the controller
> will intercept all request for .jsp page, then forward
> it to the jsp page after some checking.
>
> I am using TOMCAT to run the servlet. and using
> extension rul mapping, i.e.:(in web.xml)
> <servlet-mapping>
> <servlet-name> controller </servlet-name>
> <url-pattern> *.jsp </url-pattern>
> </servlet-mapping>
> My test controller just forward the page to another jsp page,
> the code looks like:
> RequestDispatcher dis;
> dis=getServletContext().getRequestDispatcher("/index.jsp");
> dis.forward (req, res);
> //dis.include (req, res);
>
> the problem with above approach is that, my controller will
> intercept the index.jsp too. which will cause the page cannot
> be displayed. looks like the servlet container resend the
> index.jsp page to me again and again.
>
> Is there anyway around it?
>
> Appreciate any help.
> kevin
