I am writing code for a web application using Java and Apache Tomcat. The web application involves an authentication system. My question: is there any way that I can execute certain code every time my web application receives a request? So instead of adding the code to check if the user is logged in to every page, the code gets called automatically when the application receives a request.
Thanks!
You have at least a couple of options:
- make all your servlets extend the same base class and put the shared code in the service method
- use a J2EE filter to intercept the message and put the shared code there
I'd go for the second of these options, providing that it's not too much of a code restructure. Authentication is a cross-cutting concern and is exactly what the Filter framework was designed to handle.
If I understand you correctly, you should take a look at HTTP Filter.
You should implement the interface javax.servlet.Filter and register your filter in web.xml using the <filter> tag; your filter will then be called on each call to a URL you mapped to this filter.
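The filter approach described in the answers above, as an added example that is not part of the original posts: a login check that runs before every mapped request. The package and class name, the /login and /static/ paths and the "user" session attribute are assumptions.

```java
package com.example; // hypothetical package

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// web.xml registration (maps the filter to every URL of the webapp):
//   <filter><filter-name>auth</filter-name>
//           <filter-class>com.example.AuthFilter</filter-class></filter>
//   <filter-mapping><filter-name>auth</filter-name>
//           <url-pattern>/*</url-pattern></filter-mapping>
public class AuthFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Container-decoded path inside the webapp, e.g. "/login" or "/static/app.css".
        String path = request.getServletPath()
                + (request.getPathInfo() == null ? "" : request.getPathInfo());
        // Public paths bypass the check; otherwise the login page redirects to itself.
        boolean isPublic = path.equals("/login") || path.startsWith("/static/");

        // getSession(false) avoids creating a session for anonymous visitors.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null;

        if (isPublic || loggedIn) {
            chain.doFilter(request, response); // continue to the servlet or JSP
        } else {
            response.sendRedirect(request.getContextPath() + "/login");
        }
    }

    @Override
    public void destroy() { }
}
```

A filter mapped this way runs for client requests only; internal forwards and includes need a <dispatcher> element in the mapping if they should be checked as well.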
You could use a filter to control the event call.
You can also use the Tomcat container's background thread to follow the event every 5 min.
Form-based authentication is for you.
I am facing an issue with Shiro.
We have two applications (two WARs) on the same WebLogic Server 12c.
One WAR is the UI, which was integrated with CAS.
The second WAR is Jersey REST services.
My problem is that the UI was authenticated successfully and the JSESSIONID was passed back to the REST services while communicating with them.
Before reaching the service, we wrote one Shiro filter class to check each time whether the Subject is valid or not.
Also, in our UI there is a requirement to call the REST service (one specific service) every minute.
Issue: Each time a call reaches the Shiro filter class, we are getting a different subject. I tried to print the sessionId from the subject (each time it's different), even though the user was authenticated successfully in the UI, and in the backend the user name is sometimes shown as null. Can you please help?
Subject subject = getSubject(request, response);
There are a few things that typically cause this:
- If you are handling the login yourself (by calling something like subject.login() directly, instead of letting the ShiroFilter handle it)
- Both application servers are managing the sessions outside of Shiro: See https://shiro.apache.org/session-management.html#session-storage
That said, I'd need more details of how your app is set up. What do your cookies look like, how are your app servers configured, etc.
First of all, I'm a newbie in Java EE. I'm working as a Java developer, and where I work, the company has a web application with Java EE on the front side and Caché (InterSystems) at the backend.
Is it possible that the web application may not have any servlet class? I can only find HttpServlet imports.
From my understanding, Java EE applications always work with servlets with their get/post/init methods. Am I right?
Also, I really don't get the difference between servlets and JSPs.
For the moment, I know that the application is using Maven, Struts2, JSP, Hibernate, taglib...
(Sorry for my English, I try my best)
You are not right, but not totally wrong either. A Java EE application mostly works with servlets, but there are also other mechanisms involved, like Filter and Listener.
Filters are used to manage request and response before and after servlets are called. For example you could use one to always redirect to a login page if there is no session.
Filter documentation
Listeners are used for listening to events in a web container, like Session creation.
I don't really know Struts2, but with a little research I found out that it works with a front filter that interprets requests and dispatches them to your Action class.
Some info about Struts
A lot of frameworks/APIs use a similar system; it's actually the Front Controller design pattern. Spring MVC and Jersey, for example, both work with a unique front servlet.
As for the difference between JSP and servlet, JSPs are just files that are compiled by the web server as servlets.
I've a Java-based web application running on Tomcat and it uses the Spring framework. I need to expose a ping URL to check whether the application is up and running. I've considered the following implementation approaches and all of them seem to work well when I tried them. However, I could not make up my mind whether one approach is better than another. Does it matter which path I take? Could someone advise which approach is better and why?
1. Create a web page and modify web.xml to redirect the URL to the JSP page.
2. Create a REST service using Spring-WS
3. Create a servlet and return a response
Use anything you want :-) But notice that both Spring-WS and JSP are a little heavier (really not a meaningful reason here) than servlets. If you already have a REST API to your application, use Spring-WS; if you render pages through JSP, use JSP. Or if you use none of these, write a plain servlet.
Since you are using Spring, assuming you use Spring MVC, you can just add another controller mapped to a certain URL which would be responsible for returning a status.
Solution 1 might not work depending on your requirement since a jsp page might work even if the rest of the app does not since it is not part of spring config.
I would like to know what the starting point is of any web application deployed on JBoss/WebLogic/WebSphere.
For example, if you take a Struts-based application, the starting point is the ActionServlet, which plays the role of controller and manages all incoming requests. I am sure the controller depends on the framework.
If so, please help me identify the popular frameworks other than Struts, Flext etc., where I can presume ActionServlet as my controller.
Still a question at the back of my mind: is there anything specific to the application server? If so, any insight would be highly appreciated.
Thanks in Advance...
After your clarification, I'll try to write down how I structure simple web apps (without frameworks):
- a startup servlet, only initializing global stuff and checking for resources (db pools, jms). Only its init() method is implemented, and it is loaded with order 0.
- a login servlet, with a login jsp as its main view.
- a set of welcome pages redirecting the user to the login servlet (in web.xml)
- a dashboard servlet, with a simple jsp as a view instrumenting menus and providing a nice starting point for the app.
After this, every action/menu will map to one or more servlets doing all the background stuff and redirecting to jsp views.
Usually I manage each request into a single servlet, doGet() or doPost() method, but it's not mandatory, depends on what I am doing.
For example, if you have to generate a report and this generation takes time, the servlet simply enqueues a report request somewhere (JMS queue or starts a Quartz task) and gives back control to the browser with a courtesy page stating that the request has been queued.
There are also scenarios in which a single request from the web UI, functionally impacts more of my "servlets", in such scenarios I chain the requests using the RequestDispatcher utility.
Doing this may lead to code duplication, so a good design of a business class tree is a must. Common business code shared among servlets (which act as the glue between user inputs, business logic and data logic - just like controllers ^^)
I have a couple of HTTP methods in my application, which is hosted in JBoss.
And now I am trying to find some kind of hot way to disable one of them, like clicking a button on a certain page or calling a certain HTTP method. What I mean by 'disable it' is making any web client which intends to send a GET/POST request to it fail. Maybe we can say the web client will get an HTTP 404 response.
Can anybody give me some solutions? Thanks.
I think JMX would be appropriate for this situation.
You can pretty easily create an MBean (Managed Bean, a component of JMX) with Managed Attributes corresponding to booleans for each of the endpoints you want to be disable-able. Registering it is the hard part, but there are libraries out there that make working with JMX easier. Spring has good support for setting up and working with MBeans.
As far as a JMX client goes, I usually use VisualVM, which ships with the JDK. From it, you can invoke methods on your MBeans at runtime, or even change their properties.
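One way to build the JMX switch described in the answer above (added example, not the poster's code): an MBean with one boolean attribute that the request handler consults before serving. EndpointSwitchDemo, the com.example ObjectName and the ReportEnabled attribute are hypothetical names.

```java
import java.lang.management.ManagementFactory;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.management.Attribute;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.StandardMBean;

public class EndpointSwitchDemo {

    // Management interface: one boolean attribute per endpoint that can be switched off.
    // The getter/setter pair is exposed over JMX as the attribute "ReportEnabled".
    public interface EndpointSwitchMBean {
        boolean isReportEnabled();
        void setReportEnabled(boolean enabled);
    }

    public static class EndpointSwitch implements EndpointSwitchMBean {
        // AtomicBoolean: the JMX thread writes while request threads read.
        private final AtomicBoolean reportEnabled = new AtomicBoolean(true);
        @Override public boolean isReportEnabled() { return reportEnabled.get(); }
        @Override public void setReportEnabled(boolean enabled) { reportEnabled.set(enabled); }
    }

    // Status the servlet or filter in front of the endpoint should send.
    static int statusFor(EndpointSwitchMBean sw) {
        return sw.isReportEnabled() ? 200 : 404;
    }

    public static void main(String[] args) throws Exception {
        EndpointSwitch sw = new EndpointSwitch();
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        ObjectName name = new ObjectName("com.example:type=EndpointSwitch");
        server.registerMBean(new StandardMBean(sw, EndpointSwitchMBean.class), name);

        System.out.println("before: " + statusFor(sw));

        // Flip the attribute through the MBean server, as VisualVM or any
        // other JMX client would do at runtime.
        server.setAttribute(name, new Attribute("ReportEnabled", false));
        System.out.println("after:  " + statusFor(sw));

        // Anyone who can write this attribute can take the endpoint offline:
        // remote JMX access should require authentication and TLS.
    }
}
```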