Solved

Servlet to Servlet Data Flow

Posted on 2006-06-23
11
405 Views
Last Modified: 2010-04-01
Hello,
This may be a common question. But I am not clear in several solutions.

First I gave up jsp's. That's really creating problems for me. So now I work only with Servlets and fun.

Any how.

I start a session from a login Servlet. There I maintain the current login user information in an array of loginInfor objects.
each loginInfor object do have the session ID, userId, pwd...etc etc....

Now after the login is completed (Authenticated) , I popup a Menu servlet. I want to pass the loginInfor array that was
created or updated in the login Servlet to the menu servlet.

How woud I do this?.

0
Comment
Question by:prain
  • 6
  • 5
11 Comments
 
LVL 27

Expert Comment

by:rrz
ID: 16970824
The easy way to share data objects is put it into a scope. I am not sure what you want here. But you could use either
session.setAttrribute("loginInfor", loginInfor);
getServletContext().setAttrribute("loginInforArray", loginInforArray);  
>maintain the current login user information in an array of loginInfor objects.
Does this array hold info from  one user or all of them ?
0
 

Author Comment

by:prain
ID: 16973007
All of them.
0
 

Author Comment

by:prain
ID: 16973012
rrz,

I am sorry I am tring to understand this....

So, in your comment, where should I do those steps.
Where should I do the session.setAttrribute("loginInfor", loginInfor); is it in the doGet() or doPost()?
and where shoud I do the getServletContext().setAttrribute("loginInforArray", loginInforArray);  
0
 
LVL 27

Expert Comment

by:rrz
ID: 16973320
You can do this many ways. I don't know your requirements. You may want to change this design. In the doPost method, in your login Servlet, you could use something like  

ServletContext context = getServletContext();
ArrayList  userArray = (ArrayList)context.getAttribute("loginInforArray");
if(userArray == null) userArray= new ArrayList();
LoginInfor loginInfor = new LoginInfor(userId, and whatever parameters the constructor expects);
userArray.add(loginInfor);  

I don't where to go from here. Explain your web app more. Why are gonig to password and session Id into  user info array ?  Do we have to remove the user from the array if he  logs out or just quits ?  Look at  
http://www.experts-exchange.com/Web/Web_Languages/JSP/Q_20514811.html   
You would not need the Filter, Just the Listener.  But, tell us more of your requirements, so I don't go the wrong way here.   rrz
0
 

Author Comment

by:prain
ID: 16974994
rrz,
Thank. Yes I understand what you say inthat first part.
The user array is created with LoginInfor objects in the Login Servlet, every time a new user start
using the webapp. There(LoginInfor object per user) I will store the session ID, user ID, pwd and many more infor.

But then, how do I pass the userArray reference to another Servlet?

This is required, because otherwise someone could bypass the login servlet and make use of the other
resoures of the system. So if I pass the userArray that was created in Login to other Servlets, I could check for the userInfor objects within the userArray for the legitimacy of the user if he/she tries to "Cut In" bypassing the Login servlet.

>> Do we have to remove the user from the array if he  logs out or just quits ?  Look at  
Yes I will be.

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 27

Expert Comment

by:rrz
ID: 16975237
>But then, how do I pass the userArray reference to another Servlet?  
You don't have to pass it.  Objects in the application scope are shared by all users of the application. We can just use  
ServletContext context = getServletContext();
ArrayList  userArray = (ArrayList)context.getAttribute("loginInforArray");  
in all Servlets in the application.
>I could check for the userInfor objects within the userArray for the legitimacy of the user  
How are you going to do that ? Are you going to search through the whole array ?  What about when he quits ?  You will have to search again ?
If you look at the link I posted, then you will see that we used a Hashtable in the application scope. As the key we used the user's session id.  That way we can use key to find user and use a HttpSessionListener to listen for the end of a session.    
But maybe you don't need to do all that.   If all you want to do is  check that the user is logged in, then why not just make the userInfor objects session scoped objects ?  In each servlet you could check for a session and then check for legitimacy in a userInfor object. If you don't find both then redirect user to the Login servlet.   Why do you need an array   ?       rrz
0
 

Author Comment

by:prain
ID: 16976636
Yes. I think I get the concept here now. Also I like the Hashtable than an array. I will get back with you soon.

Thanks for the hints.
0
 
LVL 27

Expert Comment

by:rrz
ID: 16976675
>Also I like the Hashtable than an array  
You have to decide what key to use depending on your requirements. Maybe using the user login name would work for you.  
0
 

Author Comment

by:prain
ID: 16984463
rrz,

Sorry I am asking this again...
I think I am not getting something right here. I have not gone into big details. But testing a very trivial data pass to another servelet from the login server.

This is what I have in my login servelet's doPost();

public void doPost (HttpServletRequest req, HttpServletResponse res)
   throws ServletException, IOException
{
   userID   = req.getParameter("UserID");
   
   toServlet  = req.getParameter ("servletTo");

 
   HttpSession session = req.getSession (true);

   if (at.isExistsUserId(userID) && at.isExistsPassword(passWord))
   {  // successful
      System.out.println("User ID Successful");
      session.setAttribute ("UserID", userID);
     
      // OKAY ... forward to SERVLET "toServlet"
      res.sendRedirect (ServletLoc + toServlet);
   }
   else
   {  // unsuccessful
      System.out.println("USer ID Unsuccessful");
      session.setAttribute ("isDemoLogin", "No");
      session.setAttribute ("UserID", "");
      invalidID = true;
      doGet (req, res);
   }
} // end of doPost() m

I can see the "User ID Successgul printed on the catalina.out. So I assume that the attribute "UserID" was sert within the context.

Then in the next Serrvlet in the session (the one that is directed in the doPost() of login), in the doGet() this is what I have


public void doGet (HttpServletRequest req, HttpServletResponse res)
   throws ServletException, IOException
{

  ServletContext  context = getServletContext();
  System.out.println("Getting UserID Attribute : " + (String) context.getAttribute("UserID"));

  //and the rest of teh code.
}

I see null for
System.out.println("Getting UserID Attribute : " + (String) context.getAttribute("UserID"));

What Am I missing here.

Thanks
prain
0
 
LVL 27

Accepted Solution

by:
rrz earned 100 total points
ID: 16984721
In  your login servlet
>   session.setAttribute ("UserID", userID);    
and in your next servlet you have  
>(String) context.getAttribute("UserID"));      
This won't work because session scope is different from context scope. They are two different scopes. There are four scopes; page , request, session, and ServletContext(called application scope in a JSP).    So change  
>(String) context.getAttribute("UserID"));  
to    
(String) session.getAttribute("UserID"));       rrz
0
 

Author Comment

by:prain
ID: 16984858
rrz,
Thanks so much. Works great. I think I have gotten the idea now. But I am sure there could be many questions.

Thanks
prain.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We need a new way to communicate time sensitive or critical info.   The best part of my role at xMatters is visiting our clients all over the world to learn about how they operate their businesses, share insights that xMatters has gleaned across…
Knowledge base software has turned out to be a quite reliable method for storing information, promoting collaborative work and for sharing valuable input and solutions.However, some organizations are trying to develop a knowledge base that works wit…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now