Return-Path: Delivered-To: apmail-myfaces-users-archive@www.apache.org Received: (qmail 10387 invoked from network); 7 Apr 2006 07:47:02 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 7 Apr 2006 07:47:02 -0000 Received: (qmail 49809 invoked by uid 500); 7 Apr 2006 07:46:57 -0000 Delivered-To: apmail-myfaces-users-archive@myfaces.apache.org Received: (qmail 49774 invoked by uid 500); 7 Apr 2006 07:46:57 -0000 Mailing-List: contact users-help@myfaces.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "MyFaces Discussion" Delivered-To: mailing list users@myfaces.apache.org Received: (qmail 49763 invoked by uid 99); 7 Apr 2006 07:46:57 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Apr 2006 00:46:57 -0700 X-ASF-Spam-Status: No, hits=0.9 required=10.0 tests=FORGED_YAHOO_RCVD,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of lists@nabble.com designates 72.21.53.35 as permitted sender) Received: from [72.21.53.35] (HELO talk.nabble.com) (72.21.53.35) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Apr 2006 00:46:56 -0700 Received: from localhost ([127.0.0.1] helo=talk.nabble.com) by talk.nabble.com with esmtp (Exim 4.50) id 1FRlfv-0001Ee-1F for users@myfaces.apache.org; Fri, 07 Apr 2006 00:46:35 -0700 Message-ID: <3799147.post@talk.nabble.com> Date: Fri, 7 Apr 2006 00:46:34 -0700 (PDT) From: 101questionjsf To: users@myfaces.apache.org Subject: RE: Servlet Filter? I'm stuck In-Reply-To: <1116159488.5640.5.camel@lapzilla.yorkshire> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-Sender: innovest_11@yahoo.com X-Nabble-From: 101questionjsf References: <9DEC448423001449B245CE5519C3EFE7029E18C9@sdlap403.dnb.no> <1116159488.5640.5.camel@lapzilla.yorkshire> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N hi, I changed the filter pattern in web.xml from /user/* to /*.jsf, then it goes into infinite loop, keep calling login.jsf. I tried checking the uri with endWith login.jsf and login.jsp, then stop looping, but images and css files cannot come thru. Anyone has a filter to spare?

UserSecurity

/*.jsf

Anyone can help? Patrick Haggood wrote: > > Here's a security filter I adapted from a sample on the Java Studio > Creator forum: > > First the web.xml part: > > UserSecurity > tolls.tools.UserSecurityCheckFilter > > > > > > UserSecurity > /user/* > > > Now the filter: > > /* > * UserSecurityCheckFilter.java > * > * Created on 30 December 2004, 23:36 > */ > > package tolls.tools; > > import java.io.IOException; > > import javax.servlet.Filter; > import javax.servlet.FilterChain; > import javax.servlet.FilterConfig; > import javax.servlet.ServletException; > import javax.servlet.ServletRequest; > import javax.servlet.ServletResponse; > import javax.servlet.http.HttpServletRequest; > import javax.servlet.http.HttpServletResponse; > import javax.servlet.http.HttpSession; > > import net.codezilla.trinity.service.LoginBean; > > > /** > * > * @author Jonathan Buckland > * JSC Forums > * http://swforum.sun.com/jive/thread.jspa?messageID=185654 > */ > public class UserSecurityCheckFilter implements Filter { > > private FilterConfig config = null; > private final static String FILTER_APPLIED = > "_security_filter_applied"; > public UserSecurityCheckFilter() { //called once. no method > arguments allowed here! > } > > public void init(FilterConfig conf) throws ServletException { > > } > > public void destroy() { > } > > /** Creates a new instance of SecurityCheckFilter */ > public void doFilter(ServletRequest request, ServletResponse > response, FilterChain chain) > throws IOException, ServletException { > > HttpServletRequest hreq = (HttpServletRequest)request; > HttpServletResponse hres = (HttpServletResponse)response; > HttpSession session = hreq.getSession(); > > String checkforloginpage = hreq.getPathTranslated(); > > //System.out.println("ctext path " + hreq.getContextPath()); > //System.out.println("uri " + hreq.getRequestURI()); > //System.out.println("url " + hreq.getRequestURL()); > //System.out.println("srv path " + hreq.getServletPath()); > //dont filter login.jsp because otherwise an endless loop. > //& only filter .jsp otherwise it will filter all images etc as > well. > if ((request.getAttribute(FILTER_APPLIED) == > null)) //&&(checkforloginpage.endsWith(".jsp"))) > { > request.setAttribute(FILTER_APPLIED, Boolean.TRUE); > > // if all else fails, goto main page > String loginPage="/MateoWeb/MainPage.faces"; > boolean loginStatus=false; > //If the session bean is not null get the login status > LoginBean lbean = > (LoginBean)session.getAttribute("loginbean"); > > // if you can find session, check logins > if(lbean!=null) { > //System.out.println("Checking user login"); > loginStatus=(lbean.isUserLoginStatus()); > } > // System.out.println("Login status " + loginStatus); > // if loginStatus is false for any of these filtered pages, > goto relevant loginform > if(!loginStatus) { > // System.out.println("Redirecting to main page " + > loginPage); > hres.sendRedirect(loginPage); > return; > } > } > //deliver request to next filter > chain.doFilter(request, response); > } > } > > On Wed, 2005-05-11 at 09:30 +0200, hermod.opstvedt@dnbnor.no wrote: >> Hi >> >> Sorry for not answering this before - Been out sailing for some days. >> >> SecurityFilter is SF project. I have been using it in a couple of Struts >> applications, and have now incorporated it into the MyFaces version of >> one of them that I am currently migrating. >> >> Hermod > > > > > > -- View this message in context: http://www.nabble.com/RE%3A-Servlet-Filter--t8978.html#a3799147 Sent from the MyFaces - Users forum at Nabble.com.