I am trying to implement a simple Filter so that basically, all it does is check to see if the user is logged in and if not, redirects to the login page. The problem I having is trying to figure out a clean way of enforcing this filter on secure pages but not on public pages like index, login, etc. My filter works, but right now, everything goes through the filter, thus, I get in crazy continuous loops when redirecting and forwarding. I would like to know what other people have done in regards to this issue. Thanks.
I've thought about this in the past and can think of one possible solution. In a seperate file, have a delimited list of URLs that are excluded. In the Filter's init() method, read those URLs into a HashMap. Look at the URL of the current Request. If it has an entry in the HashMap, just call Chain.doFilter without doing any work. Basically it's an exlusion file that you have to create, init and check for explicitly. Most likely, the method you need is only available in HttpServletRequest, not ServletRequest. You will probably have to cast the ServletRequest to an HttpServletRequest instance. This should not be a problem, but double check.