aspose file tools*
The moose likes Servlets and the fly likes Specify servlet filter to include all but one file Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Specify servlet filter to include all but one file" Watch "Specify servlet filter to include all but one file" New topic
Author

Specify servlet filter to include all but one file

B Mayes
Ranch Hand

Joined: Apr 28, 2010
Posts: 47

Hi everyone,

I'm working on setting up a security filter (to test if userid == null, then the user will be redirected back to the login page). I am working on the filter right now, but I'm curious how to define the correct filter-mapping. Basically, I have several jsp files in the same directory, but one is login.jsp and I don't want the filter to apply to that page because clearly the userid isn't yet specified when you hit the login page. So I can't use this:




Is there a way to define the url-pattern so that it applies to every jsp file EXCEPT for login.jsp? I'm not the best with regular expressions so if I were going to do an ls command or something, I would just grep *.jsp and then pipe that into a grep -v like this:




It's probably not the most efficient or elegant solution but it works there. Unfortunately, I think I need to specify everything in the <url-pattern> tags with a single regex. Can anyone tell me how to accomplish that? Is it possible specify something in there like !(login)*.jsp??
Pete Nelson
Ranch Hand

Joined: Aug 30, 2010
Posts: 147

I am not sure of the best way to do what you are asking in the web.xml - however, you could conceivably have your filter check to see if the request is for "login.jsp", and simply do nothing other than call chain.doFilter() in such a case. I think this would achieve what you're looking to do, if not in the location you are attempting to do it.


OCPJP
In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60050
    
  65

You could use an init parameter on the filter to specify an exclusion list.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
B Mayes
Ranch Hand

Joined: Apr 28, 2010
Posts: 47

Thanks for the replies folks. Correct me if I am wrong, but are you both actually suggesting the same thing just in different words? Please understand this is uncharted territory for me here. While I am quite proficient in Java (J2SE anyway) I have never used any servlet filters before and have never really done any J2EE stuff at all until getting my most recent job a few weeks ago. From what I am reading on google it sort of seems like I need to pull the value of the servlet being requested out of the HttpServletRequest object and check to see if it's "/login.jsp" or not. Furthermore, Bear is simply suggesting that I place the value of login.jsp into an <init-param> instead of hard-coding the string "/login.jsp" -- is that correct or no?

So would something like this work?




It seems to me like Bear's suggestion is to add an instance variable to the class and then inside of init() I would save the value returned by config.getInitParameter() into my String instance variable (which should be "/login.jsp"). Then inside of the doFilter() method I would just have an if test comparing file and my instance variable instead of comparing it to the literal "/login.jsp" ...is that right?

In any case I'll try this out when I get back to work next week. Thanks again!
Pete Nelson
Ranch Hand

Joined: Aug 30, 2010
Posts: 147

Correct me if I am wrong, but are you both actually suggesting the same thing just in different words?


I think that's pretty much correct (I'm sure Bear will correct me if I'm wrong here). I am suggesting that your filter "handles" requests to login.jsp by simply ignoring them and letting them pass without any intervention by the filter. Bear is making an additional design suggestion (a good one) to use a variable to hold an exclusion list, rather than hard coding "login.jsp" into the filter.

I think the ultimate point is that if the filter-mapping facility of the web container doesn't give you enough control, you still have the ability to do a lot more fine-grain inspection of the Request object within the Filter code itself. The Filter can always decline from taking any action.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60050
    
  65

B Mayes
Ranch Hand

Joined: Apr 28, 2010
Posts: 47

Hooray...it works! There are some other problems that prevent this from working yet but they are specific to the application that I am working on. I can at least see that the filter code is working correctly though. Thanks guys!

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Specify servlet filter to include all but one file
 
Similar Threads
Filter Problems in Web.xml
how to redirect to success page in tomcat using its lapd configuration
struts 1.3 session authorization filter
Struts Filter in Web.xml
Sitemesh doesnt decorate any pages after action class is called