File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Login filter issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Login filter issue" Watch "Login filter issue" New topic
Author

Login filter issue

Oron Subayi
Greenhorn

Joined: Aug 22, 2011
Posts: 9
Hello
I want to add an auto login check, but not all pages
I read that I should create 2 folders..one for the protected pages (requires login), and another one for the rest of the pages, and then I should set the filter's url-pattern to "/securedFolderName/*"

How can I make the client to insert www.SomeDomain.com/SecuredPage.jsp instead of www.SomeDomain.com/securedFolderName/SecuredPage.jsp, and still going through the filter?

Is there any other way to do it?..maybe to move the authentication responsibility to the controller??..what is the best way?

Thanks : )
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60782
    
  65

No you should not move it to the controller.

You set up the mappings, not the client, so I'm not sure what to make of your question.

By the way, you should not be directly addressing JSPs, but rather their page controllers.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Oron Subayi
Greenhorn

Joined: Aug 22, 2011
Posts: 9
Bear Bibeault wrote:No you should not move it to the controller.

You set up the mappings, not the client, so I'm not sure what to make of your question.

By the way, you should not be directly addressing JSPs, but rather their page controllers.


Lets say that I have a filter with url-pattern = "/*" --> pages like login.jsp & home.jsp will go through the filter, even though they shouldn't
If I have a filter with url-pattern = "/SecuredPages/*" --> www.DomainName.com/SomeSecuredPage.jsp won't go through the filter

Am I right?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60782
    
  65

Correct. But if you are addressing JSPs directly with URLs, you are not following best practices. Perhaps this article will help.

If your always hit a servlet (page controller), you have complete control over the mapping of the URLs.
Oron Subayi
Greenhorn

Joined: Aug 22, 2011
Posts: 9
Bear Bibeault wrote:Correct. But if you are addressing JSPs directly with URLs, you are not following best practices. Perhaps this article will help.

If your always hit a servlet (page controller), you have complete control over the mapping of the URLs.


Thanks for the article..
I've already read about the Front Controller Pattern, and I wrote "Command" interface, and I also have the controller itself..all done before the question : )
The problem is that the filter works before the controller gets the request

I want the client to request "www.SomeDomain.com/SecuredPage.jsp" or "www.SomeDomain.com/NonSecuredPage.jsp", and make the filter work only on the secured one

I'm sure there is a very small thing I miss
Bosun Bello
Ranch Hand

Joined: Nov 06, 2000
Posts: 1510
Like Bear said, regardless of which url is requested, route the request tot he controller first, then the controller will forward to an appropriately mapped resource and the filter should be able to execute against the correct URL based on the mapping. I am sure Bear and others can explain better than I did.


Bosun (SCJP, SCWCD)
So much trouble in the world -- Bob Marley
Oron Subayi
Greenhorn

Joined: Aug 22, 2011
Posts: 9
Bosun Bello wrote:Like Bear said, regardless of which url is requested, route the request tot he controller first, then the controller will forward to an appropriately mapped resource and the filter should be able to execute against the correct URL based on the mapping. I am sure Bear and others can explain better than I did.


OK so let me see if I understand your idea
I configure a filter with url-pattern="/Secured/*"
The request goes to the controller, which has some list of pages that should be (or not) authorized..lets say I have a file that has the data
The controller checks if the page is on the list, and if it does, it creates a URL that matches the filter pattern, and forward the request
If I do this (assuming I understand the idea) , I have a problem to go back to the front controller, because it will create a loop between the controller and the filter, unless the filter adds more data that says "this page was checked" or something like that..
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Well, yes, you could certainly put a "checked" attribute into the request context.

However it's also possible in recent versions of the servlet spec to be able to say whether a filter applies to requests or includes or forwards separately, so you could exempt pages you forward to from this filter.

However I think the best strategy would be for the controller to forward to a JSP in a folder under the WEB-INF directory. Such a JSP wouldn't match that URL pattern so it wouldn't be processed by that filter.
Oron Subayi
Greenhorn

Joined: Aug 22, 2011
Posts: 9
Paul Clapham wrote:
However I think the best strategy would be for the controller to forward to a JSP in a folder under the WEB-INF directory. Such a JSP wouldn't match that URL pattern so it wouldn't be processed by that filter.


I'm sorry..I didn't understand the JSP responsibility in the solution, how the control goes back to the controller, and how the filter involved..
Too blurry for me : )

Thanks
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Login filter issue
 
Similar Threads
Set user principal in a filter
Odd problem with RichFaces and Servlet Filter
servlet filters and request headers
Stripes bugzooky walkthrough?
Storing pages a user can access