aspose file tools*
The moose likes Servlets and the fly likes Using a Filter Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Using a Filter" Watch "Using a Filter" New topic
Author

Using a Filter

Corey McGlone
Ranch Hand

Joined: Dec 20, 2001
Posts: 3271
Perhaps someone here can give me a hand with this because I'm afraid I've run into a bit of a wall on this one.

I'm working on a web application which uses multiple JSP pages. However, in order for these pages to work properly the user must first come through a single "setup" screen in which they select the site they would like to administer. Without first selecting a site, the other pages won't be able to function.

So, my ideal goal would be to redirect the user back to that "setup" screen any time they try accessing another one of the pages. I thought a Filter would be a perfect way to set this up because I could simply map that filter to the URL patterns for my various JSP pages and I could write the code to check for a selected site and redirect the user in one place. Unfortunately, despite my plan, things aren't going so smoothly.

First, I wrote a very simple filter that looked like this (this was within the doFilter method):



That code is pretty simple. It just checks for a value in the session and, if it isn't there, it redirects the user back to the home page for the application. Unfortunately, it doesn't work. If I try to execute this, I get an error like this:



I'm not quite certain what's happening here. I was hoping that I could capture the request and re-route it before it ever reached the JSP the user had requested. Instead, I get an error as if there are two places where a response is being created.

I tried putting the redirect after the "chain.doFilter(req, resp);" and that only led to another error message. I've been reading through "Head First Servlets and JSP" about creating custom Request and Response objects but, in all honesty, I'd read less confusing things in the past.

Anyone out there able to shed a bit of enlightenment on what's going on here and give me some direction. If I could more clearly understand what was going on, I could probably make more headway.

Thanks,
Corey


SCJP Tipline, etc.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60059
    
  65

That is odd. As far as I can tell, there's nothing wrong with your reasoning. I use this pattern all the time to make sure that users are logged in before letting them into the site. The one difference is that the URLs never directly reference a JSP (I always go through a servlet controller), but that shouldn't make any difference. The filter should be invoked before anything gets a chance to write to the response.

Are there other filters that could be gumming up the works?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Corey McGlone
Ranch Hand

Joined: Dec 20, 2001
Posts: 3271
Originally posted by Bear Bibeault:
I use this pattern all the time to make sure that users are logged in before letting them into the site. The one difference is that the URLs never directly reference a JSP (I always go through a servlet controller)...Are there other filters that could be gumming up the works?


Well, this is very related. There is one other filter being used, written by someone on a different team. That filter is used to authenticate the user and pull various bits of information about the user so that we can use it in our application without having to write the code to do so ourselves.

The problem with that filter is that it simply sends the user on to whatever page they requested in the first place. So, if the user requested some "internal" page, rather than the normal main page, they'd be able to get there after authentication, even if the user hadn't yet selected a site.

My approach was to put my filter on all of the pages/struts actions in my application. If a site wasn't selected, the user would be sent to the index page, which has the authentication filter on it. If the user was not yet authenticated, they'd be asked to do so and then forwarded on to the entry page. If the user had already authenticated, they'd simply go on to the entry page without authenticating, but I doubt that would ever be the case.

Realistically, I don't know why a user would ever try to access an "inner" page without first going through the entry page but, nonetheless, I'd like to prevent them from doing so in the case that they would try. If they could, I'm almost certain they could find a way to do something evil. :roll:

I don't believe the other filter is "in the way" as I'm not being sent to the authentication page and that's what that filter is designed to do. I'm just thoroughly confused on this one.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You're using your filter to block a request.
You'll want to either forward and return OR doChain...

Try:


OR


[ February 18, 2005: Message edited by: Ben Souther ]

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60059
    
  65

Doh! I missed that too! Good catch Ben.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using a Filter
 
Similar Threads
Filter Problem
Why get IllegalStateException when redirect in Servlet Filter?
JSF Filter prevent direct access certain page
request does not pass to action
HELP - Question on Tomcat Connector ISAPI Filter for authentication on IIS