I am using Resin2.0. In our Intranet, all the user requests are directed to a servlet which does the authentication and redirects to the respective jsp files.

Created May 7, 2012

Stephen McConnell

Actually an excellent design pattern is to create a base class like MyCompanyJSP as an abstract class. All JSP's will extend this class. Then, you can put an abstract

_jspService(request, response)

method in your MyCompanyJSP class.

You should place a "user" mediator in a "request" attribute each time the controller servlet is called that contains the user's authentication. Now, you can create "concrete"

doPost and doGet

methods which do authentication. Unless there is a valid "user" mediator in a "request" attribute and that user mediator validates the users ability to access that page, then the page is not displayed and forwards to a "not authorized" page.

If one just types in the URL, the "user" mediator is not available and the page access is not valid.

This is one way we do this at our shop.

Advertiser Disclosure: Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.