File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Filter has Exclude url-pattern ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Filter has Exclude url-pattern ?" Watch "Filter has Exclude url-pattern ?" New topic
Author

Filter has Exclude url-pattern ?

Vince Hon
Ranch Hand

Joined: Feb 11, 2003
Posts: 117
I am trying to implement a simple AuthFilter so that basically, all it does is check to see if the user is logged in and if not, redirects to the login page.

However, there are both "public" and "protected" resources in my webapp, where the public resources will not use AuthFilter , while the protected resources need the AuthFilter.

e.g.
public resources : URL-pattern = /welcome.do
protected resources: URL-pattern =/*.do



How can I just EXCLUDE the /welcome.do url-pattern to be intercepted by the Filter ?

I would like to know what other people have done in regards to this issue.

Thanks.


Vince Hon<br /> <br />SCJP 1.4 | SCWCD | SCBCD <br /><a href="http://vincehon.homeip.net:8000/VJW" target="_blank" rel="nofollow">http://vincehon.homeip.net:8000/VJW</a>
sawan parihar
Ranch Hand

Joined: Aug 24, 2004
Posts: 250
Hi,
Have the mapping in this order and it will work

<filter-mapping>
<filter-name>NormalAccessFilter</filter-name>
<url-pattern/welcome.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/*.do</url-pattern>
</filter-mapping>

The request that will have /welcome will be server by the NormalAccessFilter. And the requests that need authorization will be server by AuthFilter.


Sawan<br />SCJP,SCWCD,SCBCD<br /> <br />Every exit is an entry somewhere.
Anand Wadhwani
Ranch Hand

Joined: Mar 21, 2005
Posts: 151
Hi Vince,


How can I just EXCLUDE the /welcome.do url-pattern to be intercepted by the Filter ?


You can use request.getServletPath() function to see if resource "/welcome.do" is being accessed, if so just invoke the regular filterchain else check for auth token (cookie/session attribute - whichever way you have implemented it) if auth token available continue with filtechain else redirect to login page.

If you want to avoid hard coding in your filter then probably the option suggested by sawan is a good option.

Hope this helps.


SCWCD 1.4<br />---------------------<br />Ability is what you're capable of. <br />Motivation determines what you do. <br />Attitude determines how well you do it.<br />---------------------
Vince Hon
Ranch Hand

Joined: Feb 11, 2003
Posts: 117
Thanks Sawan and Anand.
It works now
Vince Hon
Ranch Hand

Joined: Feb 11, 2003
Posts: 117

<filter-mapping>
<filter-name>NormalAccessFilter</filter-name>
<url-pattern/welcome.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/*.do</url-pattern>
</filter-mapping>


sorry, Sawan, this will caused error due to

even if I changed it to
,

"welcome.do" will be served by NormalAccessFilter THEN AuthenFilter
sawan parihar
Ranch Hand

Joined: Aug 24, 2004
Posts: 250
Hello Vince,

"welcome.do" will be served by NormalAccessFilter THEN AuthenFilter


Only if you call them in chain. FilterChain.doFilter() else it shouldn't.




Vince Hon
Ranch Hand

Joined: Feb 11, 2003
Posts: 117
Thanks, I got what you mean. This means just add a "dummy" filter that end the filter chain.
Radmika Arunachalam
Ranch Hand

Joined: Mar 29, 2004
Posts: 45
sawan,
if u dont call FilterChain.doFilter(), then servlet or JSP mapped for /welcome.do won't be invoked right.. is that what u are looking for Vince?

Correct me if i am wrong...

Radmika,
SCJP, SCBCD, SCWCD (Preparing)
sawan parihar
Ranch Hand

Joined: Aug 24, 2004
Posts: 250
if u dont call FilterChain.doFilter(), then servlet or JSP mapped for /welcome.do won't be invoked right.. is that what u are looking for Vince?


If a request maps to two url pattern (/*.do and /welcome.do in our case) all the requests that come for /welcome.do will invoke NormalAccessFilter and if in this filter we are calling FilterChain.doFilter() then only the filters will be called in the chain.

Hope that helps.
Vince Hon
Ranch Hand

Joined: Feb 11, 2003
Posts: 117
Sawan, I got some confusion, I conclude my requirement:

*.do (except welcome.do) --> intercepted by AuthenFilter
welcome.do --> don't intercepted by AuthenFilter



In this case, "welcome.do" will be served by NormalAccessFilter THEN AuthenFilter.

If I don't call FilterChain.doFilter() in the NormalAccessFilter, then welcome.do will not be invoked, this is NOT I wanted.
sawan parihar
Ranch Hand

Joined: Aug 24, 2004
Posts: 250
Hello Vince,
I should have explained this in more detail . There are many ways to implement this but the way I was suggesting is :

<filter-mapping>
<filter-name>NormalAccessFilter</filter-name>
<url-pattern/welcome.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/*.do</url-pattern>
</filter-mapping>


When the request for /welcome.do will come it will be intercepted by NormalAccessFilter. As this filter is not calling others in chain here you can dispatch the request to any resource that you want. That means in normal access filter you can dispatch to /welcome.do and it will work. Sorry, I forgot to mention that you need to dispatch the request in my previous posts.

For the second case all other requests will be intercepted by AuthFilter which you call this in chain so that you don't need to dispatch to any other resource.

Hope it is clear.
Vince Hon
Ranch Hand

Joined: Feb 11, 2003
Posts: 117
Thanks Sawan, I finally got the solution:


When the request for /welcome.do will come it will be intercepted by NormalAccessFilter. As this filter is not calling others in chain here you can dispatch the request to any resource that you want. That means in normal access filter you can dispatch to /welcome.do and it will work


My understanding:

Treat NormalAccessFilter as a filter that /* stop any follow filter chain and dispatch to the request resource directly */.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Filter has Exclude url-pattern ?
 
Similar Threads
XPath problem: can't resolve path
what is displaytag filter. How is it used ?
filter-mapping excludes?
t:inputCalendar in JSF having probelms with Tomahawk1.1.3
User filter