Adding a new RequestInterceptor

[Arieh Markel <Ar...@Central.Sun.COM>]

I am now at a point where I have updated our web-related classes to 
take advantage of the 3.1M2 API.

I would like to do the following:

	a. add an interceptor that behaves in a manner similar to
	   SessionInterceptor
	   
	b. It verifies that our own session-scheme (a pseudo-URL-rewriting)
	   is addressed on the request.
	   
	c. If no session has been set, redirection will occur to the
	   required 'login' page.
	   
My question to the experts is as follows:

   . is an interceptor able to rewrite/modify the request object ?
   
   . is a RequestDispatcher.forward() an appropriate solution
   
Arieh
--
 Arieh Markel		                Sun Microsystems Inc.
 Network Storage                        500 Eldorado Blvd. MS UBRM11-194
 e-mail: arieh.markel@sun.COM           Broomfield, CO 80021
 Let's go Panthers !!!!                 Phone: (303) 272-8547 x78547
 (e-mail me with subject SEND PUBLIC KEY to get public key)

Re: Adding a new RequestInterceptor

[co...@eng.sun.com]

>    . is an interceptor able to rewrite/modify the request object ?

Yes. 


>    . is a RequestDispatcher.forward() an appropriate solution

I don't think so - not at interceptor level, RD is a bit too high level.

The simplest thing you can do is just replace the handler ( servlet ) with
your own servlet. 

If you want to redirect to a html page or something that is not a servlet
just create a servlet that will redirect ( either send a redirect reply or
just call RequestDispatcher.forward() ).

Take a look at SecurityCheck and form-based login - it's very similar.

We should keep the 2 levels separated ( i.e. Servlet and Tomcat internal),
and the alghoritm used for Interceptors should remain simple - the
interceptors will fill-in Request/Response with aditional info or change
existing objects. In this case you'll change the handler.

( that's how all apache modules work too - the change
request_rec->handler)

Costin