Here's a security filter I adapted from a sample on the Java Studio
Creator forum:

First the web.xml part:
<!-- Registers the login-check filter class under the name UserSecurity;
     the name is what the filter-mapping below refers to. -->
<filter>
  <filter-name>UserSecurity</filter-name>
  <filter-class>tolls.tools.UserSecurityCheckFilter</filter-class>
</filter>



<!-- Runs UserSecurity for every URL under /user/ (relative to the context
     root). Anything outside /user/ is not checked by this filter.
     With no <dispatcher> elements the mapping covers direct client requests
     only (Servlet 2.4 and later), so a server-side forward or include into
     /user/ is not checked; add <dispatcher>REQUEST</dispatcher> and
     <dispatcher>FORWARD</dispatcher> if forwarded navigation must be covered.
     The page the filter redirects to must stay outside /user/, otherwise
     requests that are not logged in redirect in a loop. -->
<filter-mapping>
  <filter-name>UserSecurity</filter-name>
  <url-pattern>/user/*</url-pattern>
</filter-mapping>

Now the filter:

/*
 * UserSecurityCheckFilter.java
 *
 * Created on 30 December 2004, 23:36
 */

package tolls.tools;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import net.codezilla.trinity.service.LoginBean;


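/**
 * Servlet filter that lets a request continue only when the HTTP session holds
 * a {@code LoginBean} (session attribute {@code "loginbean"}) whose
 * {@code isUserLoginStatus()} returns true. Every other request is redirected
 * to the main page.
 *
 * <p>Which URLs are protected is decided entirely by the
 * {@code <filter-mapping>} in web.xml; this class does no path matching of its
 * own, so anything outside that mapping is not checked here.
 *
 * <p>The filter only reads the login flag. The code that sets the flag is not
 * part of this class, so the strength of the check depends on how that login
 * code authenticates the user and manages the session.
 *
 * @author  Jonathan Buckland
 * JSC Forums
 * http://swforum.sun.com/jive/thread.jspa?messageID=185654
 */
public class UserSecurityCheckFilter implements Filter {

    /** Request attribute marking a request this filter has already checked. */
    private static final String FILTER_APPLIED = "_security_filter_applied";

    /** Session attribute under which the LoginBean is looked up. */
    private static final String LOGIN_BEAN_ATTRIBUTE = "loginbean";

    /**
     * Redirect target for requests that are not logged in. The path is passed
     * to sendRedirect as written, so it hard-codes the /MateoWeb context path,
     * and it must not fall under the filtered URL pattern or the redirect loops.
     */
    private static final String LOGIN_PAGE = "/MateoWeb/MainPage.faces";

    /** Configuration handed over by the container in {@link #init}. */
    private FilterConfig config = null;

    /**
     * The container instantiates the filter through this public no-argument
     * constructor, so it cannot take parameters.
     */
    public UserSecurityCheckFilter() {
    }

    /**
     * Keeps the filter configuration supplied by the container.
     *
     * @param conf configuration from web.xml
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig conf) throws ServletException {
        this.config = conf;
    }

    /** Drops the reference to the filter configuration. */
    public void destroy() {
        this.config = null;
    }

    /**
     * Checks the login flag once per request and either passes the request down
     * the chain or redirects to {@link #LOGIN_PAGE}.
     *
     * @param request  incoming request; must be an HTTP request
     * @param response outgoing response; must be an HTTP response
     * @param chain    remaining filters and the target resource
     * @throws IOException      if the redirect or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        // The web.xml mapping is the only thing that routes requests here; a
        // non-HTTP request would fail on these casts rather than pass unchecked.
        HttpServletRequest hreq = (HttpServletRequest) request;
        HttpServletResponse hres = (HttpServletResponse) response;

        // The marker is a request attribute, which only server-side code can
        // set, so a request dispatched through this filter a second time is
        // not checked (or redirected) again.
        if (request.getAttribute(FILTER_APPLIED) == null) {
            request.setAttribute(FILTER_APPLIED, Boolean.TRUE);

            // getSession(false): an anonymous request must not create a
            // session just to be told it is not logged in.
            if (!isLoggedIn(hreq.getSession(false))) {
                hres.sendRedirect(LOGIN_PAGE);
                return;
            }
        }

        // Logged in (or already checked): deliver the request to the next filter.
        chain.doFilter(request, response);
    }

    /**
     * Tells whether the session carries a LoginBean that reports a logged-in
     * user. A missing session, a missing bean, or an attribute of another type
     * all count as not logged in.
     */
    private static boolean isLoggedIn(HttpSession session) {
        if (session == null) {
            return false;
        }
        Object bean = session.getAttribute(LOGIN_BEAN_ATTRIBUTE);
        return bean instanceof LoginBean && ((LoginBean) bean).isUserLoginStatus();
    }
}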

On Wed, 2005-05-11 at 09:30 +0200, [EMAIL PROTECTED] wrote:
> Hi
> 
> Sorry for not answering this before - Been out sailing for some days.
> 
> SecurityFilter is an SF project. I have been using it in a couple of Struts
> applications, and have now incorporated it into the MyFaces version of
> one of them that I am currently migrating.
> 
> Hermod



