subject:"Defining filters in sub\-directories"

Re: Defining filters in sub-directories

2003-10-23 Thread Tim Funk

You can match a prefix, or a file extension but not both. So you can do this:

filter-mapping
  filter-nameAdminSection/filter-name
  url-pattern/admin/*/url-pattern
/filter-mapping
The Servlet spec has some examples of how URL matching will work.

-Tim

Ryan Parr wrote:
As so many have said before, I'm new to Java and Tomcat. So please
forgive any poor design you see in my code, but please let me know about
it :)
I've created a filter class that handles user authorization. Basically
when a user hits a page the filter is defined for, it checks for a
boolean value in the user's session that describes their access to a
certain auth group.
If the user is not authorized, they are forwarded to a login page
defined as an init-param which handles their authentication for that
group.
This works flawlessly on pages in the root directory, and if I do:
url-pattern/*.jsp/url-pattern
it operates on every file throughout the hierarchy. This isn't what I
wanted so I defined a url exclusion method, that accepts paths and
regular expressions that the filter tests before processing auth.
I setup a new filter for each group/directory. It only works on the
root directory though, and using a url-pattern of /admin/*.jsp doesn't
appear to trigger the filter. It's never run. This happens whether or
not the filter on the root of the context exists.
Thank you very much for any advice you can give!


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Defining filters in sub-directories

2003-10-23 Thread Ryan Parr

On Thu, 2003-10-23 at 04:42, Tim Funk wrote:
 You can match a prefix, or a file extension but not both. So you can do this:
 
 filter-mapping
filter-nameAdminSection/filter-name
url-pattern/admin/*/url-pattern
 /filter-mapping
 
 The Servlet spec has some examples of how URL matching will work.
 
 -Tim

Wow, that really was all there was to it. Thank you!

--
Ryan

 Ryan Parr wrote:
  As so many have said before, I'm new to Java and Tomcat. So please
  forgive any poor design you see in my code, but please let me know about
  it :)
  
  I've created a filter class that handles user authorization. Basically
  when a user hits a page the filter is defined for, it checks for a
  boolean value in the user's session that describes their access to a
  certain auth group.
  
  If the user is not authorized, they are forwarded to a login page
  defined as an init-param which handles their authentication for that
  group.
  
  This works flawlessly on pages in the root directory, and if I do:
  url-pattern/*.jsp/url-pattern
  it operates on every file throughout the hierarchy. This isn't what I
  wanted so I defined a url exclusion method, that accepts paths and
  regular expressions that the filter tests before processing auth.
  
  I setup a new filter for each group/directory. It only works on the
  root directory though, and using a url-pattern of /admin/*.jsp doesn't
  appear to trigger the filter. It's never run. This happens whether or
  not the filter on the root of the context exists.
  
  Thank you very much for any advice you can give!
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Defining filters in sub-directories

2003-10-22 Thread Ryan Parr

As so many have said before, I'm new to Java and Tomcat. So please
forgive any poor design you see in my code, but please let me know about
it :)

I've created a filter class that handles user authorization. Basically
when a user hits a page the filter is defined for, it checks for a
boolean value in the user's session that describes their access to a
certain auth group.

If the user is not authorized, they are forwarded to a login page
defined as an init-param which handles their authentication for that
group.

This works flawlessly on pages in the root directory, and if I do:
url-pattern/*.jsp/url-pattern
it operates on every file throughout the hierarchy. This isn't what I
wanted so I defined a url exclusion method, that accepts paths and
regular expressions that the filter tests before processing auth.

I setup a new filter for each group/directory. It only works on the
root directory though, and using a url-pattern of /admin/*.jsp doesn't
appear to trigger the filter. It's never run. This happens whether or
not the filter on the root of the context exists.

Thank you very much for any advice you can give!
--
Ryan Parr

The pertinent parts of my web.xml:
---
  filter
filter-nameAdminSection/filter-name
filter-classcom.mysite.filters.UserAuthorization/filter-class
init-param
param-nameAuthGroup/param-name
param-valueAdmin/param-value
/init-param
init-param
param-nameLoginPage/param-name
param-value/admin/login.jsp/param-value
/init-param
  /filter

  !-- Admin Section --
  filter-mapping
filter-nameAdminSection/filter-name
url-pattern/admin/*.jsp/url-pattern
  /filter-mapping


And my UserAuthorization source:

/*
 * UserAuthorization.java
 *
 * Created on October 2, 2003, 8:52 PM
 */

package com.mysite.filters;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;

import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.ServletContext;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import java.util.regex.Pattern;

/**
 * This is the authorization filter. This simply checks to see
 * if a user is logged in, and if so whether or not they are allowed
 * to access the request resource. Authentication is handled elsewhere,
 * in a struts action.
 *
 * @author  Ryan Parr
 * @version 0.1
 * @see javax.servlet.Filter
 */
public class UserAuthorization implements Filter {
private FilterConfig config;
private String authName;// What's our name yo
private String[] authGroups;// Roles for this resource
private String loginPage;   // The login page to forward to

private String[] pageExclusions;// Pages we don't want to filter
private String[] pageExclusionPatterns; // Patterns of pages we
don't want to filter

private boolean loggedIn = false;
private ServletContext context = null;

/**
 * This is the first method called when the filter is used.
 * The general intention of this method is simply to set
 * a private variable to the filterConfig parameter.
 *
 * @param filterConfig FilterConfig
 */
public void init(FilterConfig filterConfig) throws ServletException
{
config = filterConfig;
authName = config.getFilterName();  
loginPage = config.getInitParameter(LoginPage);   

// Populate the authGroups array
String authGroupString = config.getInitParameter(AuthGroup);
if(!(authGroupString == null)  !(authGroupString.equals())) {
authGroups = authGroupString.split(,);
for(int i = 0; i  authGroups.length; i++)
{
authGroups[i] = authGroups[i].trim();
}
}

// Populate pageExclusions array
String pageExclusionString =
config.getInitParameter(PageExclusions);
if(!(pageExclusionString == null) 
!(pageExclusionString.equals())) {
pageExclusions = pageExclusionString.split(,);
for(int i = 0; i  pageExclusions.length; i++)
{
pageExclusions[i] = pageExclusions[i].trim();
}
}

// Populate pageExclusionPatterns array
String

Re: Defining filters in sub-directories

Re: Defining filters in sub-directories

Defining filters in sub-directories

3 matches

Site Navigation

Mail list logo

Footer information