Specify servlet filter to include all but one file

 
Ranch Hand
Posts: 47
Hi everyone,

I'm working on setting up a security filter (to test if userid == null, then the user will be redirected back to the login page). I am working on the filter right now, but I'm curious how to define the correct filter-mapping. Basically, I have several jsp files in the same directory, but one is login.jsp and I don't want the filter to apply to that page because clearly the userid isn't yet specified when you hit the login page. So I can't use this:




Is there a way to define the url-pattern so that it applies to every jsp file EXCEPT for login.jsp? I'm not the best with regular expressions so if I were going to do an ls command or something, I would just grep *.jsp and then pipe that into a grep -v like this:




It's probably not the most efficient or elegant solution but it works there. Unfortunately, I think I need to specify everything in the <url-pattern> tags with a single regex. Can anyone tell me how to accomplish that? Is it possible to specify something in there like !(login)*.jsp??
 
Ranch Hand
Posts: 147
I am not sure of the best way to do what you are asking in the web.xml - however, you could conceivably have your filter check to see if the request is for "login.jsp", and simply do nothing other than call chain.doFilter() in such a case. I think this would achieve what you're looking to do, if not in the location you are attempting to do it.
 
Sheriff
Posts: 67746
You could use an init parameter on the filter to specify an exclusion list.
 
B Mayes
Ranch Hand
Posts: 47
Thanks for the replies, folks. Correct me if I am wrong, but are you both actually suggesting the same thing just in different words? Please understand this is uncharted territory for me here. While I am quite proficient in Java (J2SE anyway), I have never used any servlet filters before and have never really done any J2EE stuff at all until getting my most recent job a few weeks ago. From what I am reading on Google, it sort of seems like I need to pull the value of the servlet being requested out of the HttpServletRequest object and check to see if it's "/login.jsp" or not. Furthermore, Bear is simply suggesting that I place the value of login.jsp into an <init-param> instead of hard-coding the string "/login.jsp" -- is that correct or no?

So would something like this work?




It seems to me like Bear's suggestion is to add an instance variable to the class and then inside of init() I would save the value returned by config.getInitParameter() into my String instance variable (which should be "/login.jsp"). Then inside of the doFilter() method I would just have an if test comparing file and my instance variable instead of comparing it to the literal "/login.jsp" ...is that right?

In any case I'll try this out when I get back to work next week. Thanks again!
 
Pete Nelson
Ranch Hand
Posts: 147

Correct me if I am wrong, but are you both actually suggesting the same thing just in different words?



I think that's pretty much correct (I'm sure Bear will correct me if I'm wrong here). I am suggesting that your filter "handles" requests to login.jsp by simply ignoring them and letting them pass without any intervention by the filter. Bear is making an additional design suggestion (a good one) to use a variable to hold an exclusion list, rather than hard coding "login.jsp" into the filter.

I think the ultimate point is that if the filter-mapping facility of the web container doesn't give you enough control, you still have the ability to do a lot more fine-grained inspection of the Request object within the Filter code itself. The Filter can always decline to take any action.
 
Bear Bibeault
Sheriff
Posts: 67746
 
B Mayes
Ranch Hand
Posts: 47
Hooray...it works! There are some other problems that prevent this from working yet but they are specific to the application that I am working on. I can at least see that the filter code is working correctly though. Thanks guys!
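
The approach discussed in this thread, as an added example that is not any poster's code: a filter mapped to `*.jsp` that reads an exclusion list from an `<init-param>` and passes excluded requests straight down the chain. The class name, the `excludedPaths` parameter name, the `userid` session attribute and the `javax.servlet` API generation are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter. In web.xml, map it to <url-pattern>*.jsp</url-pattern>
// and add an <init-param> named "excludedPaths" (assumed name) whose value
// is a comma-separated list such as "/login.jsp".
public class LoginFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp";
    private Set<String> excluded = Collections.emptySet();

    @Override
    public void init(FilterConfig config) throws ServletException {
        String param = config.getInitParameter("excludedPaths");
        if (param != null && !param.trim().isEmpty()) {
            excluded = new HashSet<>(Arrays.asList(param.trim().split("\\s*,\\s*")));
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Use the container-resolved servlet path (no context path, no query
        // string) and require an exact match. A substring or endsWith() test
        // on the raw URI would exempt more requests than intended.
        if (excluded.contains(request.getServletPath())) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false) avoids creating a session for anonymous requests.
        HttpSession session = request.getSession(false);
        Object userid = (session == null) ? null : session.getAttribute("userid");
        if (userid == null) {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

If no `excludedPaths` parameter is configured, the set stays empty and every mapped request is checked, so a missing or misspelled parameter fails closed rather than open.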

 