Using a filter to secure a set of servlets.

Hi,
Im trying to use a filter to secure my application. And I've configured my web.xml with the following mapping .
<filter-mapping> <filter-name>MemberLoginFilter</filter-name> <url-pattern>/pages/*</url-pattern> </filter-mapping>
This secures all the jsp pages in the pages folder.The filter checks for user credentials from the session.
However , I'm not being able to secure my servlets and as my pages are redirected through them after submit , it becomes easy for a person not logged in to view the state of the previous user through the servlet . I try to do this
<filter-mapping> <filter-name>MemberLoginFilter</filter-name> <url-pattern>/pages/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>MemberLoginFilter</filter-name> <servlet-name>a.b.c.*</servlet-name> </filter-mapping>
where where the package a.b.c contains all my servlets that need secure access. However cant seem to get it to work.
Any help would be appreciated.

If you set all your Servlet's URL-Patterns as "/secure/ServletName" then you can ensure that the Servlets are now only accessible via a URL that passes through the login filter.

This is what I have got set up recently and it works great.

Just using the word "secure" won't accomplish anything.

What's missing from the original post is how the servants are mapped. Matching the filter to the servlet mapping is what will accomplish the task.

Should have been a little more descriptive....

If you have something like this it will work as you have explained

<filter-mapping> <filter-name>MemberLoginFilter</filter-name> <url-pattern>/secure/*</url-pattern> </filter-mapping> <servlet> <servlet-name>YourServlet</servlet-name> <servlet-class>yourpackage.YourServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>YourServlet</servlet-name> <url-pattern>/secure/yourservlet</url-pattern> </servlet-mapping>

Hi All,
Thank you for your replies!
Here's what I've done to secure the servlets
WEB.XML
<servlet> <description></description> <display-name>ConsumptionSearchServlet</display-name> <servlet-name>ConsumptionSearchServlet</servlet-name> <servlet-class>com.enzen.cis.dao.ConsumptionSearchServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>ConsumptionSearchServlet</servlet-name> <url-pattern>/secure/ConsumptionSearchServlet</url-pattern> </servlet-mapping> ... <filter> <description>Acts as an authentication filter to all secure pages.</description> <display-name>MemberLoginFilter</display-name> <filter-name>MemberLoginFilter</filter-name> <filter-class>com.enzen.cis.open.MemberLoginFilter</filter-class> </filter> <filter-mapping> <filter-name>MemberLoginFilter</filter-name> <url-pattern>/pages/*</url-pattern> <url-pattern>/secure/*</url-pattern> </filter-mapping>
However I now get a 404 error , when I try to access the servlet , any idea what could be missing?

Just an update , I tried modifying the filter mapping to the form below.
... <servlet-mapping> <servlet-name>ConsumptionSearchServlet</servlet-name> <url-pattern>/secure/ConsumptionSearchServlet</url-pattern> </servlet-mapping> .... <filter-mapping> <filter-name>MemberLoginFilter</filter-name> <url-pattern>/pages/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>MemberLoginFilter</filter-name> <url-pattern>/secure/*</url-pattern> </filter-mapping>
But the 404 still persists. Could anyone point out what could be going wrong here? Thanks in advance