thanks, that helped.
Actually you do not need to map each url to a jsp page. you can use
path mapping, then when you forward to jsp page, get rid of the servelet
path. that will simply your configuration a lot.
cheers,
kevin
-----Original Message-----
From: Byung Jin Chun [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 09, 2000 9:32 AM
To: '[EMAIL PROTECTED]'
Subject: RE: question about RequestDispatcher.forward() in tomcat
Kevin,
many moons ago and before struts, we implemented something
that looks similar to what you are seeking. We mapped a uri(no extensions)
that went to the controller. In the jsps that are called from the
controller,
the jsp checks an object set in the request by the controller to make sure
there wasn't any bypassing.
Jin
-----Original Message-----
From: Chen, Kevin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 09, 2000 10:20 AM
To: '[EMAIL PROTECTED]'
Subject: RE: question about RequestDispatcher.forward() in tomcat
I want to centralized security check for each jsp page(not only
action) in our controller. If I map the jsp page to an logical
name, user may still be able to bypass the security check by going
to the jsp page directly.
Another goal is to maintain common look and feel. I do not want
each jsp page developer to include template.jsp. I want it be
enforced by the controller. So that jsp page developer can concentrate
on their task only.
The implementation of RequestDispatcher.forward()/include() does not
looks right to me. I mean if the jsp page comes from my controller,
it should not go back to it again. Is this a bug?
Thanks,
kevin
-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 6:30 PM
To: [EMAIL PROTECTED]
Subject: Re: question about RequestDispatcher.forward() in tomcat
What I do in the Struts framework <http://jakarta.apache.org/struts>,
which implements the MVC pattern you are talking about, is map a
different extension for the logical actions (normally, these will be the
values you use for hyperlinks and form submits). I like to use "*.do"
because it implies "go do something".
That way, I leave the mappings for the JSP pages set to the JSP servlet,
as it normally is.
Craig McClanahan
"Chen, Kevin" wrote:
> I am trying to implement a MVC system. the controller
> will intercept all request for .jsp page, then forward
> it to the jsp page after some checking.
>
> I am using TOMCAT to run the servlet. and using
> extension rul mapping, i.e.:(in web.xml)
> <servlet-mapping>
> <servlet-name> controller </servlet-name>
> <url-pattern> *.jsp </url-pattern>
> </servlet-mapping>
> My test controller just forward the page to another jsp page,
> the code looks like:
> RequestDispatcher dis;
> dis=getServletContext().getRequestDispatcher("/index.jsp");
> dis.forward (req, res);
> //dis.include (req, res);
>
> the problem with above approach is that, my controller will
> intercept the index.jsp too. which will cause the page cannot
> be displayed. looks like the servlet container resend the
> index.jsp page to me again and again.
>
> Is there anyway around it?
>
> Appreciate any help.
> kevin
