Making custom URL in Java EE web-application

Question

I'm writing a simple little application, which is a booking system. In the system there are two roles: administrator and user. All requests are working through the only servlet. Index.jsp (loginpage for user and admin) works without its help. So I have the starting url looking like this:

localhost:8080/[AppName]/index.jsp

To ensure security, I wrote a filter that will not allow anonymous users going to any page, except index.jsp; admin go on user page, and user go on admin page. But the problem is that I can't map the filter properly, because all the URLs in my app look like:

localhost:8080/[AppName]/servlet?command=[commandName]

Because of this, such a mapping, like (of course, in the web.xml the filter has already described before this mapping):

<filter-mapping>
    <filter-name>Security</filter-name>
    <url-pattern>/servlet?command=[commandName]</url-pattern>
</filter-mapping>

does not work, and I don't like it at all, because in this case it is necessary to prescribe all the commands of an application. In this regard, I have an idea to make the url when smbdy log on like these:

localhost:8080/[AppName]/user - for user

localhost:8080/[AppName]/admin - for admin

In the web-inf folder I have inner folder "pages", in which there are several inner folders: "error", "admin" and "user", which keep jsp pages for these roles and errors.

How to implement the proposed idea? I suspect that this is quite trivial, but I didn't found the answer, because I even have no idea, how to name my issue.

Answer 1

I've recently had something similiar in my project, try like that:

<servlet-mapping>
    <servlet-name>YourServletName</servlet-name>
    <url-pattern>/YourServletName/*</url-pattern>
</servlet-mapping>

In the servlet code I've got method:

protected String getActionSegment(HttpServletRequest request) {
    String action = request.getRequestURI().
        replace(request.getContextPath() + 
            request.getServletPath(), "").
                replace("/", "").
                    trim();
    return action.length() > 0 ? action : "index"; 
}

That method returns the name of the action, if the Url is localhost:8080/MyWebApp/MyServlet, then by default it redirects to index.jsp (you can change that) In the servlet execution method you simply define what it should do (and where to redirect) in each case for example:

    if(action.equals("admin")) {
       //do something
    } else if (action.equals("user")) {
       //do something else
    }

Let me know if that's what you meant. Btw you can also restrict access to jsp folder and only make it work if servlet redirects to the jsp.

Answer 2

I think i get it now; -First make initial servlet (index.jsp ain't servlet), once user access your page he is being redirected to it. For example localhost:8080/YouWebAppName/IndexServlet.

IndexServlet check whether session is set, if not it redirects to accessible index.jsp, if the session is set then it checks the role, if the role is set to user it redirects to localhost:8080/YourWebAppName/UserServlet, if the session is set to Admin it redirects to localhost:8080/YourWebAppName/AdminServlet.

In both Admin and User servlet you check in the first place if the session variable equals respectively user/admin.

If there are methods that you want to share in both servlets, make third servlet call it however you want and then UserServlet and AdminServlet should extend that servlet