myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 101questionjsf <innovest...@yahoo.com>
Subject RE: Servlet Filter? I'm stuck
Date Fri, 07 Apr 2006 07:46:34 GMT

hi,

I changed the filter pattern in web.xml from /user/* to /*.jsf, then it goes
into infinite loop, keep calling login.jsf.
I tried checking the uri with endWith login.jsf and login.jsp, then stop
looping, but images and css files cannot come thru.

Anyone has  a filter to spare?

<filter-mapping> 
  <filter-name>UserSecurity</filter-name> 
  <url-pattern>/*.jsf</url-pattern> 
</filter-mapping>

Anyone can help?




Patrick Haggood wrote:
> 
> Here's a security filter I adapted from a sample on the Java Studio
> Creator forum:
> 
> First the web.xml part:
> <filter>
>   <filter-name>UserSecurity</filter-name>
>   <filter-class>tolls.tools.UserSecurityCheckFilter</filter-class>
> </filter>
> 
> 
> 
> <filter-mapping>
>   <filter-name>UserSecurity</filter-name>
>   <url-pattern>/user/*</url-pattern>
> </filter-mapping>
> 
> Now the filter:
> 
> /*
>  * UserSecurityCheckFilter.java
>  *
>  * Created on 30 December 2004, 23:36
>  */
> 
> package tolls.tools;
> 
> import java.io.IOException;
> 
> import javax.servlet.Filter;
> import javax.servlet.FilterChain;
> import javax.servlet.FilterConfig;
> import javax.servlet.ServletException;
> import javax.servlet.ServletRequest;
> import javax.servlet.ServletResponse;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import javax.servlet.http.HttpSession;
> 
> import net.codezilla.trinity.service.LoginBean;
> 
> 
> /**
>  *
>  * @author  Jonathan Buckland
>  * JSC Forums
>  * http://swforum.sun.com/jive/thread.jspa?messageID=185654
>  */
> public class UserSecurityCheckFilter implements Filter {
>     
>     private FilterConfig config = null;
>     private final static String FILTER_APPLIED =
> "_security_filter_applied";
>     public UserSecurityCheckFilter() { //called once. no method
> arguments allowed here!
>     }
>     
>     public void init(FilterConfig conf) throws ServletException {
>         
>     }
>     
>     public void destroy() {
>     }
>     
>     /** Creates a new instance of SecurityCheckFilter */
>     public void doFilter(ServletRequest request, ServletResponse
> response, FilterChain chain)
>     throws IOException, ServletException {
>         
>         HttpServletRequest hreq = (HttpServletRequest)request;
>         HttpServletResponse hres = (HttpServletResponse)response;
>         HttpSession session = hreq.getSession();
>         
>         String checkforloginpage = hreq.getPathTranslated();
>         
>         //System.out.println("ctext path " + hreq.getContextPath());
>         //System.out.println("uri " + hreq.getRequestURI());
>         //System.out.println("url " + hreq.getRequestURL());
>         //System.out.println("srv path " + hreq.getServletPath());
>         //dont filter login.jsp because otherwise an endless loop.
>         //& only filter .jsp otherwise it will filter all images etc as
> well.
>         if ((request.getAttribute(FILTER_APPLIED) ==
> null)) //&&(checkforloginpage.endsWith(".jsp")))
>         		{
>             request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
>             
>             // if all else fails, goto main page
>             String loginPage="/MateoWeb/MainPage.faces";
>             boolean loginStatus=false;
>             //If the session bean is not null get the login status
>             LoginBean lbean =
> (LoginBean)session.getAttribute("loginbean");
>             
>             // if you can find session, check logins
>             if(lbean!=null) {
>                     //System.out.println("Checking user login");
>                     loginStatus=(lbean.isUserLoginStatus());
>             }
>            // System.out.println("Login status " + loginStatus);
>             // if loginStatus is false for any of these filtered pages,
> goto relevant loginform
>             if(!loginStatus) {
>                // System.out.println("Redirecting to main page " +
> loginPage);
>                 hres.sendRedirect(loginPage);
>                 return;
>             }
>         }
>         //deliver request to next filter
>         chain.doFilter(request, response);
>     }
> }
> 
> On Wed, 2005-05-11 at 09:30 +0200, hermod.opstvedt@dnbnor.no wrote:
>> Hi
>> 
>> Sorry for not answering this before - Been out sailing for some days.
>> 
>> SecurityFilter is SF project. I have been using it in a couple of Struts
>> applications, and have now incorporated it into the MyFaces version of
>> one of them that I am currently migrating.
>> 
>> Hermod
> 
> 
> 
> 
> 
> 

--
View this message in context: http://www.nabble.com/RE%3A-Servlet-Filter--t8978.html#a3799147
Sent from the MyFaces - Users forum at Nabble.com.


Mime
View raw message