So. I am trying to write a Shale filter. This is how my chain.config.xml
looks like:
<catalog name="shale">
<!-- Disallow direct access to JSP and JSFP resources -->
<chain name="preprocess">
<command className=
"org.apache.shale.application.ContextRelativePathFilter"
includes=
"\S*\.faces,\S*\.html,\S*\.gif,\S*\.jpg,/index\.jsp"
excludes="\S*\.jsp,\S*\.jspf"/>
<command className=
"com.intellicare.shaleNShark.application.PreprocessFilter"
excludes="/index\.jsp,/logon.faces"/>
</chain>
</catalog>
My PreprocessFilter extends ContextRelativePathFilter and has the foll.
accept method:
public void accept(ShaleWebContext context) throws Exception {
ShaleWebContext webContext = (ShaleWebContext) context;
String value = value(webContext);
Map sessionScope = webContext.getSessionScope();
String user = (String) sessionScope.get("user");
String pw = (String) sessionScope.get("password");
//..etc. (the idea of course being if un/pw are
null/empty, the app gets seriously mad..)
}
>From what I can understand of the code in AbstractRegExpFilter,
implementing the "value" method will decide how the "includes" and
"excludes" patterns are understood by Shale. Since I extended
ContextRelativePathFilter, I would have thought that my /index.jsp as well
as /logon.faces would *not* make it to the PreprocessFilter. But I have a
breakpoint in the accept method and sadly *every* page seems to go through
this accept method. (What's more, the value of the String "value" above
comes out as "/index.jsp" and "/logon.faces" when I access my index page
and logon pages.) Which of course is not ok since I shouldn't be checking
for un/pw values in the logon page. Where am I going wrong?
Thank you again for your continued help.. doubtless this must be big time
boring for you..
Geeta
