Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Login filter issue

 
Oron Subayi
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello
I want to add an auto login check, but not all pages
I read that I should create 2 folders..one for the protected pages (requires login), and another one for the rest of the pages, and then I should set the filter's url-pattern to "/securedFolderName/*"

How can I make the client to insert www.SomeDomain.com/SecuredPage.jsp instead of www.SomeDomain.com/securedFolderName/SecuredPage.jsp, and still going through the filter?

Is there any other way to do it?..maybe to move the authentication responsibility to the controller??..what is the best way?

Thanks : )
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64833
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No you should not move it to the controller.

You set up the mappings, not the client, so I'm not sure what to make of your question.

By the way, you should not be directly addressing JSPs, but rather their page controllers.
 
Oron Subayi
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:No you should not move it to the controller.

You set up the mappings, not the client, so I'm not sure what to make of your question.

By the way, you should not be directly addressing JSPs, but rather their page controllers.


Lets say that I have a filter with url-pattern = "/*" --> pages like login.jsp & home.jsp will go through the filter, even though they shouldn't
If I have a filter with url-pattern = "/SecuredPages/*" --> www.DomainName.com/SomeSecuredPage.jsp won't go through the filter

Am I right?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64833
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Correct. But if you are addressing JSPs directly with URLs, you are not following best practices. Perhaps this article will help.

If your always hit a servlet (page controller), you have complete control over the mapping of the URLs.
 
Oron Subayi
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:Correct. But if you are addressing JSPs directly with URLs, you are not following best practices. Perhaps this article will help.

If your always hit a servlet (page controller), you have complete control over the mapping of the URLs.


Thanks for the article..
I've already read about the Front Controller Pattern, and I wrote "Command" interface, and I also have the controller itself..all done before the question : )
The problem is that the filter works before the controller gets the request

I want the client to request "www.SomeDomain.com/SecuredPage.jsp" or "www.SomeDomain.com/NonSecuredPage.jsp", and make the filter work only on the secured one

I'm sure there is a very small thing I miss
 
Bosun Bello
Ranch Hand
Posts: 1511
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Like Bear said, regardless of which url is requested, route the request tot he controller first, then the controller will forward to an appropriately mapped resource and the filter should be able to execute against the correct URL based on the mapping. I am sure Bear and others can explain better than I did.
 
Oron Subayi
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bosun Bello wrote:Like Bear said, regardless of which url is requested, route the request tot he controller first, then the controller will forward to an appropriately mapped resource and the filter should be able to execute against the correct URL based on the mapping. I am sure Bear and others can explain better than I did.


OK so let me see if I understand your idea
I configure a filter with url-pattern="/Secured/*"
The request goes to the controller, which has some list of pages that should be (or not) authorized..lets say I have a file that has the data
The controller checks if the page is on the list, and if it does, it creates a URL that matches the filter pattern, and forward the request
If I do this (assuming I understand the idea) , I have a problem to go back to the front controller, because it will create a loop between the controller and the filter, unless the filter adds more data that says "this page was checked" or something like that..
 
Paul Clapham
Sheriff
Posts: 21107
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, yes, you could certainly put a "checked" attribute into the request context.

However it's also possible in recent versions of the servlet spec to be able to say whether a filter applies to requests or includes or forwards separately, so you could exempt pages you forward to from this filter.

However I think the best strategy would be for the controller to forward to a JSP in a folder under the WEB-INF directory. Such a JSP wouldn't match that URL pattern so it wouldn't be processed by that filter.
 
Oron Subayi
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Clapham wrote:
However I think the best strategy would be for the controller to forward to a JSP in a folder under the WEB-INF directory. Such a JSP wouldn't match that URL pattern so it wouldn't be processed by that filter.


I'm sorry..I didn't understand the JSP responsibility in the solution, how the control goes back to the controller, and how the filter involved..
Too blurry for me : )

Thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic