hi, I changed the filter pattern in web.xml from /user/* to /*.jsf, then it goes into infinite loop, keep calling login.jsf. I tried checking the uri with endWith login.jsf and login.jsp, then stop looping, but images and css files cannot come thru.
Anyone has a filter to spare? <filter-mapping> <filter-name>UserSecurity</filter-name> <url-pattern>/*.jsf</url-pattern> </filter-mapping> Anyone can help? Patrick Haggood wrote: > > Here's a security filter I adapted from a sample on the Java Studio > Creator forum: > > First the web.xml part: > <filter> > <filter-name>UserSecurity</filter-name> > <filter-class>tolls.tools.UserSecurityCheckFilter</filter-class> > </filter> > > > > <filter-mapping> > <filter-name>UserSecurity</filter-name> > <url-pattern>/user/*</url-pattern> > </filter-mapping> > > Now the filter: > > /* > * UserSecurityCheckFilter.java > * > * Created on 30 December 2004, 23:36 > */ > > package tolls.tools; > > import java.io.IOException; > > import javax.servlet.Filter; > import javax.servlet.FilterChain; > import javax.servlet.FilterConfig; > import javax.servlet.ServletException; > import javax.servlet.ServletRequest; > import javax.servlet.ServletResponse; > import javax.servlet.http.HttpServletRequest; > import javax.servlet.http.HttpServletResponse; > import javax.servlet.http.HttpSession; > > import net.codezilla.trinity.service.LoginBean; > > > /** > * > * @author Jonathan Buckland > * JSC Forums > * http://swforum.sun.com/jive/thread.jspa?messageID=185654 > */ > public class UserSecurityCheckFilter implements Filter { > > private FilterConfig config = null; > private final static String FILTER_APPLIED = > "_security_filter_applied"; > public UserSecurityCheckFilter() { //called once. no method > arguments allowed here! > } > > public void init(FilterConfig conf) throws ServletException { > > } > > public void destroy() { > } > > /** Creates a new instance of SecurityCheckFilter */ > public void doFilter(ServletRequest request, ServletResponse > response, FilterChain chain) > throws IOException, ServletException { > > HttpServletRequest hreq = (HttpServletRequest)request; > HttpServletResponse hres = (HttpServletResponse)response; > HttpSession session = hreq.getSession(); > > String checkforloginpage = hreq.getPathTranslated(); > > //System.out.println("ctext path " + hreq.getContextPath()); > //System.out.println("uri " + hreq.getRequestURI()); > //System.out.println("url " + hreq.getRequestURL()); > //System.out.println("srv path " + hreq.getServletPath()); > //dont filter login.jsp because otherwise an endless loop. > //& only filter .jsp otherwise it will filter all images etc as > well. > if ((request.getAttribute(FILTER_APPLIED) == > null)) //&&(checkforloginpage.endsWith(".jsp"))) > { > request.setAttribute(FILTER_APPLIED, Boolean.TRUE); > > // if all else fails, goto main page > String loginPage="/MateoWeb/MainPage.faces"; > boolean loginStatus=false; > //If the session bean is not null get the login status > LoginBean lbean = > (LoginBean)session.getAttribute("loginbean"); > > // if you can find session, check logins > if(lbean!=null) { > //System.out.println("Checking user login"); > loginStatus=(lbean.isUserLoginStatus()); > } > // System.out.println("Login status " + loginStatus); > // if loginStatus is false for any of these filtered pages, > goto relevant loginform > if(!loginStatus) { > // System.out.println("Redirecting to main page " + > loginPage); > hres.sendRedirect(loginPage); > return; > } > } > //deliver request to next filter > chain.doFilter(request, response); > } > } > > On Wed, 2005-05-11 at 09:30 +0200, [EMAIL PROTECTED] wrote: >> Hi >> >> Sorry for not answering this before - Been out sailing for some days. >> >> SecurityFilter is SF project. I have been using it in a couple of Struts >> applications, and have now incorporated it into the MyFaces version of >> one of them that I am currently migrating. >> >> Hermod > > > > > > -- View this message in context: http://www.nabble.com/RE%3A-Servlet-Filter--t8978.html#a3799147 Sent from the MyFaces - Users forum at Nabble.com.
