aspose file tools*
The moose likes Servlets and the fly likes Using a filter to block access to certain web pages. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Using a filter to block access to certain web pages." Watch "Using a filter to block access to certain web pages." New topic
Author

Using a filter to block access to certain web pages.

Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Hi Folks,

I'm trying to modify an existing filter that I've written to implement role based access.

Here's the code that I've written . I'm trying to prevent access to a set of pages if the user's role_id isnt 1.It would be great if anyone could help me with it.
Thanks a lot for your time.

Thanks again!


Learning and Learning!-- Java all the way!
Miku Ranjan
Ranch Hand

Joined: Oct 11, 2011
Posts: 98
Hi,
One of easy way for it will be use any security API ( eg. spring security api).
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Im not using any frameworks because of client specifications.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
HttpServletResponse has a method you can call to cause a redirect.
Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

In this post (User Authentication (Filter/Servlet)) I show a way to configure a login using a Filter.

I hope it helps you.


[uaiHebert.com] [Full WebApplication JSF EJB JPA JAAS with source code to download] One Table Per SubClass [Web/JSF]
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Tim Moores wrote:HttpServletResponse has a method you can call to cause a redirect.

If you mean sendRedirect() method , I think I'm already using it.
Let me explain.
My problem now is to block access to users who try to access pages that they dont have rights to, by changing the url in the browser manually. So if anyone could suggest a method that I could write in my filter , the would help prevent access to certain pages that users who dont have the required access rights(given by users whose role_id is not 1).
Hope Im being clear.
Thanks.
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Hebert Coelho wrote:In this post (User Authentication (Filter/Servlet)) I show a way to configure a login using a Filter.

I hope it helps you.

I did have a look . However it doesnt seem to address my issue that I have explained above?
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Vic Hood wrote:If you mean sendRedirect() method , I think I'm already using it.

Well, not in the code you posted. It would seem that it needs to go in the spot where you indicated that something is missing.
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Tim Moores wrote:
Vic Hood wrote:If you mean sendRedirect() method , I think I'm already using it.

Well, not in the code you posted. It would seem that it needs to go in the spot where you indicated that something is missing.

Well , just sendRedirect there in the form

This would cause an infinite loop . Could you elaborate your suggestion?
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

I havent really used filters before . So it would be great if someone could point to what Im doing wrong..Or whether my approach is inherently flawed..
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18657
    
    8

Your approach seems fine to me. As for the missing bit of your code: you have access to the request, so you can extract the "page" from the URL. Then you can compare it to the list of allowable pages (where you get this list from and how you do the comparing isn't really a question about filters) and redirect if the page isn't in that list. You already know how to redirect, so I'm not clear on what your problem is now.
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Hi Paul,
Thanks for reply.
A few questions . How exactly do I extract the page from the URL?
Assuming that I do get access to the page thats requested for from the URL .
Then is my pseudo code below correct?
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19720
    
  20

Slightly off-topic, but your doFilter method should end with chain.doFilter(request, response); to allow any other filters to be called as well.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Hey Rob,
Thanks for the reply! I just forgot to copy paste the code correctly. I do have the doFilter part in my code.Could anyone helpme with my earlier problem of extracting the requeted url
?
Or should I make a separate topic for that?
Thanks
Vic Hood wrote:Hi Paul,
Thanks for reply.
A few questions . How exactly do I extract the page from the URL?
Assuming that I do get access to the page thats requested for from the URL .
Then is my pseudo code below correct?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18657
    
    8

I don't have access to the servlet API at the moment. I suppose I could google it up, but I assume that you have access to it so you can look at it. Look at the methods for the HttpServletRequest interface and pick one which looks like it should do the trick. Or if none of them strikes your fancy, then pick several of them. Try them to see what they do. (Really I shouldn't have to tell programmers to do this sort of thing.)
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19720
    
  20

And to make it easier, just click on the word HttpServletRequest to directly open its Javadoc page.
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Okay I get the point . I will do as suggested .However , I was only looking to confirm whether my approach is correct.Any comments on that would be appreciated.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using a filter to block access to certain web pages.