Filter to check if user is logged in

hi,

I wrote a simple request filter to check if the user is logged in before he can access any JSP page. I mapped the filter to the action servlet. Now the problem is that the filter works even when the login action is called. So it keeps directing the user to the login page. How do I prevent the filter from acting when the action is a login action ?

My filter code is as follows.

public class LoginFilter implements Filter { private FilterConfig config = null; public void init (FilterConfig config) throws ServletException{ this.config = config; } public void destroy(){ config = null; } public void doFilter(ServletRequest request,ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; HttpSession session = req.getSession(); String loginStatus = (session.getAttribute("loginStatus") == null) ? "" : (String)session.getAttribute("loginStatus"); if(loginStatus.equals("LOGGED")){ chain.doFilter(req, response); }else{ res.sendRedirect("enteruser.do"); } } }

Hey dude. The problem is that your mapping for your filter is probably not optimally setup. Right now it sounds like you have the mapping set to run the filter on every page/action. For something like a login action, you probably want to make that a "public" action which can be run without the filter being run.

Make sense?

Post your mapping for the filter.

That makes sense, but how do you map the actions selectively ?
I'm mapping to the action servlet itself.
My filter mapping is as follows.

<filter-mapping>
<filter-name>LoginFilter</filter-name>
<servlet-name>action</servlet-name>
</filter-mapping>

Thanks
Devi

You have access to the request object in your filter code. Use the getRequestURL method to see if the URL in the request ends with "login.do". If it does, allow the request to pass without a valid login.

Thanks for that tip. It worked fine.

-Devi