File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes filter for authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "filter for authentication" Watch "filter for authentication" New topic

filter for authentication

april hobart

Joined: Oct 12, 2005
Posts: 1
I am trying to create a site that uses a login process. I have already gotten hibernate to work and am recieving a valid login from my database. I need to put a filter in to check if a user is logged in. If they are not redirct the user back to the sign in page. How do I check to see if they have a valid login? I shouldn't have to do it against the database if I am doing that in the Login Servlet or should I? My servlet gets a hibernate session does a specific query, places the results into a list and then the results are placed into a http session. here is my doFilter code:

public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
logger.debug("Starting doFilter()");

HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;

String email = req.getParameter("email");
String password = req.getParameter("password");

if (email != null && password != null){


How do I check if they are logged in?
Please help
Kerry Wilson
Ranch Hand

Joined: Oct 29, 2003
Posts: 254
Pull the results from the session and redirect if they are not logged in. Remember to return from method when redirecting instead of continuing the chain.
SCJP 1.4
I agree. Here's the link:
subject: filter for authentication
Similar Threads
Filter to check if user is logged in
org.springframework.web.HttpSessionRequiredException: Session attribute 'user' required - not found
if a user enter a website without entering the authentication page how can i redirect
How to know login & logout status of user
Session Management with Ajax