wood burning stoves 2.0*
The moose likes JSF and the fly likes Servletfilter skip filterchain JSF method not executed Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Servletfilter skip filterchain JSF method not executed" Watch "Servletfilter skip filterchain JSF method not executed" New topic
Author

Servletfilter skip filterchain JSF method not executed

Kevin Krautwurst
Greenhorn

Joined: Oct 11, 2009
Posts: 2
Hi I got a problem with some filter logic.

I have a webapplication with a Springs CAS Filter (Servletfilter) mapped to "/*" (I can't change this setting due to the specifications of the project. So, due to the * mapping every request is forwarded to the CAS Authentication page (so far so good).

My task is to build a second login for administrators which should not interact with the CAS-Authentication. So I programmed a second Filter (Adminfilter) and in the end I am here with the following filter mapping (in this order).

1. /admin/* (Everyadmin request should be handled by the Adminfilter)
2. /* (General requests should be handled by the CAS Filter)

If the url /admin is used my Adminfilter redirects to the admin login (no chain.do is processed just a redirect). So far so good. But the login page is bound to a JSF-Request Bean actionMethod for the admin login. As you might conclude after the login request is send the Adminfilter is processed, but if I don't execute chain.do the request is cancelled at that point and the JSF function will not be processed. But if I do chain.do the cas Filter is executed (which I don t want to be happen).

PROBLEM:
I need a way to skip the filter chain. Filter A is executed and should finish afterwards but I don't want to cancel the request. All following Filters should not be executed!

Hope you got some ideas on my problem since I am stuck here for now.

Regards
Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
One possible solution
1) After 'admin' is successfully logged in, add the 'admin' user to the session (some flag,and/or admin user details).
2) Add another filter to bypass cas login if admin is logged in. (check the session variable)

haven't give it a lot of thought, but can work I feel
Just recognized, my solution will not work .. unless you also modify the CAS filter (source code)
Kevin Krautwurst
Greenhorn

Joined: Oct 11, 2009
Posts: 2
Hi,

today I figured it out somehow. I came up with the idea of using a RequestDispatch to forward the requestURI taken from the request (sth like RequestDispatcher rd = request.getRequestDispatcher(request.getRequestURI()); rd.forward();

That works since the request is forwarded to the actual requested URL .... and the controller method is also invoked cause the request wasn't cancelled.

Kavita Tipnis
Ranch Hand

Joined: Sep 21, 2008
Posts: 177
Ahh, that's neat, I had used RequestDispatcher but I did not remember that!
 
 
subject: Servletfilter skip filterchain JSF method not executed
 
Similar Threads
Best practice for secure login authorisation
Servlet filter not getting invoked
how to redirect to success page in tomcat using its lapd configuration
Is here anyone have used the Yale's CAS SSO solution?pls help me,I am in puzzle!
Filtering Question