I am working on a simple filter to keep my webapp accessible only to logged-in users. For that I designed a simple filter which is not working as it should. I need some ideas on how to refine it so it's more robust. And the reason why I designed it doesn't really get achieved somehow:
What this does is check for a loginbean, and if it exists that means the person is logged in. Now, when the user comes in the first time this filter also runs; at that point he doesn't have any session nor the bean in the session, so I just route him to login.jsp. If there is a session, that means he is probably trying to log in and will not have a login bean. This is giving me problems. Is there a way that I can run this filter only after the user has logged in? Also, when I try to access a URL from the browser after logging out, it does not give me any issues; it loads up the page. In logout I have removed the login bean and invalidated the session. There is no way I can remove or destroy the session at logout. So when it comes to the filter the session is still there, and it calls the login action class, where it is designed to throw the user with errors on the login page, but it doesn't.
Can anyone see what I am doing wrong, or how to make it more robust to not let any user access any URLs without logging in?
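
One way to structure the filter described in this question, as an added example that is not the poster's code: it lets the login page and login action through, never creates a session just to test for one, and treats only the login bean (not the mere presence of a session) as proof of login. The `javax.servlet` API, the attribute name `loginBean` and the path `/login.do` are assumptions; only `login.jsp` comes from the post.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

public class LoginFilter implements Filter {
    // Assumed names: adjust to the real session attribute and login action mapping.
    private static final String LOGIN_BEAN = "loginBean";
    private static final Set<String> PUBLIC_PATHS = Set.of("/login.jsp", "/login.do");

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Container-normalised path inside the webapp (no context root, no ;jsessionid).
        String path = request.getServletPath()
                + (request.getPathInfo() != null ? request.getPathInfo() : "");

        // The login page and login action must stay reachable without a login bean.
        if (PUBLIC_PATHS.contains(path)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false) returns null instead of creating a new session.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(LOGIN_BEAN) != null;
        if (!loggedIn) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }

        // Assumption: pages shown after logout may come from the browser cache,
        // so protected responses are marked as not storable.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Mapping the filter to `/*` in `web.xml` keeps every URL behind the check, with the exemptions handled inside the filter rather than by the mapping.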