aspose file tools*
The moose likes Servlets and the fly likes Using a filter to secure a set of servlets. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Using a filter to secure a set of servlets." Watch "Using a filter to secure a set of servlets." New topic
Author

Using a filter to secure a set of servlets.

Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Hi,
Im trying to use a filter to secure my application. And I've configured my web.xml with the following mapping .

This secures all the jsp pages in the pages folder.The filter checks for user credentials from the session.
However , I'm not being able to secure my servlets and as my pages are redirected through them after submit , it becomes easy for a person not logged in to view the state of the previous user through the servlet . I try to do this

where where the package a.b.c contains all my servlets that need secure access. However cant seem to get it to work.
Any help would be appreciated.


Learning and Learning!-- Java all the way!
Michael Cropper
Ranch Hand

Joined: Sep 30, 2009
Posts: 137
If you set all your Servlet's URL-Patterns as "/secure/ServletName" then you can ensure that the Servlets are now only accessible via a URL that passes through the login filter.

This is what I have got set up recently and it works great.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61434
    
  67

Just using the word "secure" won't accomplish anything.

What's missing from the original post is how the servants are mapped. Matching the filter to the servlet mapping is what will accomplish the task.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Michael Cropper
Ranch Hand

Joined: Sep 30, 2009
Posts: 137
Should have been a little more descriptive....

If you have something like this it will work as you have explained

Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Hi All,
Thank you for your replies!
Here's what I've done to secure the servlets
WEB.XML

However I now get a 404 error , when I try to access the servlet , any idea what could be missing?
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Just an update , I tried modifying the filter mapping to the form below.

But the 404 still persists. Could anyone point out what could be going wrong here? Thanks in advance
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using a filter to secure a set of servlets.