• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Using a filter to block access to certain web pages.

 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Folks,

I'm trying to modify an existing filter that I've written to implement role based access.

Here's the code that I've written . I'm trying to prevent access to a set of pages if the user's role_id isnt 1.It would be great if anyone could help me with it.
Thanks a lot for your time.

Thanks again!
 
Miku Ranjan
Ranch Hand
Posts: 98
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
One of easy way for it will be use any security API ( eg. spring security api).
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Im not using any frameworks because of client specifications.
 
Tim Moores
Bartender
Posts: 2751
38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HttpServletResponse has a method you can call to cause a redirect.
 
Hebert Coelho
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In this post (User Authentication (Filter/Servlet)) I show a way to configure a login using a Filter.

I hope it helps you.
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim Moores wrote:HttpServletResponse has a method you can call to cause a redirect.

If you mean sendRedirect() method , I think I'm already using it.
Let me explain.
My problem now is to block access to users who try to access pages that they dont have rights to, by changing the url in the browser manually. So if anyone could suggest a method that I could write in my filter , the would help prevent access to certain pages that users who dont have the required access rights(given by users whose role_id is not 1).
Hope Im being clear.
Thanks.
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hebert Coelho wrote:In this post (User Authentication (Filter/Servlet)) I show a way to configure a login using a Filter.

I hope it helps you.

I did have a look . However it doesnt seem to address my issue that I have explained above?
 
Tim Moores
Bartender
Posts: 2751
38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Vic Hood wrote:If you mean sendRedirect() method , I think I'm already using it.

Well, not in the code you posted. It would seem that it needs to go in the spot where you indicated that something is missing.
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim Moores wrote:
Vic Hood wrote:If you mean sendRedirect() method , I think I'm already using it.

Well, not in the code you posted. It would seem that it needs to go in the spot where you indicated that something is missing.

Well , just sendRedirect there in the form

This would cause an infinite loop . Could you elaborate your suggestion?
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I havent really used filters before . So it would be great if someone could point to what Im doing wrong..Or whether my approach is inherently flawed..
 
Paul Clapham
Sheriff
Posts: 20983
31
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Your approach seems fine to me. As for the missing bit of your code: you have access to the request, so you can extract the "page" from the URL. Then you can compare it to the list of allowable pages (where you get this list from and how you do the comparing isn't really a question about filters) and redirect if the page isn't in that list. You already know how to redirect, so I'm not clear on what your problem is now.
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Paul,
Thanks for reply.
A few questions . How exactly do I extract the page from the URL?
Assuming that I do get access to the page thats requested for from the URL .
Then is my pseudo code below correct?
 
Rob Spoor
Sheriff
Pie
Posts: 20512
54
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Slightly off-topic, but your doFilter method should end with chain.doFilter(request, response); to allow any other filters to be called as well.
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey Rob,
Thanks for the reply! I just forgot to copy paste the code correctly. I do have the doFilter part in my code.Could anyone helpme with my earlier problem of extracting the requeted url
?
Or should I make a separate topic for that?
Thanks
Vic Hood wrote:Hi Paul,
Thanks for reply.
A few questions . How exactly do I extract the page from the URL?
Assuming that I do get access to the page thats requested for from the URL .
Then is my pseudo code below correct?
 
Paul Clapham
Sheriff
Posts: 20983
31
Eclipse IDE Firefox Browser MySQL Database
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't have access to the servlet API at the moment. I suppose I could google it up, but I assume that you have access to it so you can look at it. Look at the methods for the HttpServletRequest interface and pick one which looks like it should do the trick. Or if none of them strikes your fancy, then pick several of them. Try them to see what they do. (Really I shouldn't have to tell programmers to do this sort of thing.)
 
Rob Spoor
Sheriff
Pie
Posts: 20512
54
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And to make it easier, just click on the word HttpServletRequest to directly open its Javadoc page.
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Okay I get the point . I will do as suggested .However , I was only looking to confirm whether my approach is correct.Any comments on that would be appreciated.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic