FAQ
I have a struts application where I am using Filter and Tomcat and this works as it
should... But trying to do the same thing with a JSF application doesn't work? Are
there something I am missing? The init() method is called, but doFilter is never
called, why?


Regards,

BTJ

--
-----------------------------------------------------------------------------------------------
Bjørn T Johansen

btj@havleik.no
-----------------------------------------------------------------------------------------------
Someone wrote:
"I understand that if you play a Windows CD backwards you hear strange Satanic messages"
To which someone replied:
"It's even worse than that; play it forwards and it installs Windows"
-----------------------------------------------------------------------------------------------

Search Discussions

  • Hermod Opstvedt at May 4, 2005 at 11:55 am
    Hi

    I am using filters (for taking care of Hibernate sessions) and it works
    like a charm. However I did mess up initially because I forgot to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and Tomcat and this
    works as it
    should... But trying to do the same thing with a JSF application doesn't
    work? Are
    there something I am missing? The init() method is called, but doFilter
    is never
    called, why?


    Regards,

    BTJ

    --
    ------------------------------------------------------------------------
    -----------------------
    Bjørn T Johansen

    btj@havleik.no
    ------------------------------------------------------------------------
    -----------------------
    Someone wrote:
    "I understand that if you play a Windows CD backwards you hear strange
    Satanic messages"
    To which someone replied:
    "It's even worse than that; play it forwards and it installs Windows"
    ------------------------------------------------------------------------
    -----------------------


    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    This email with attachments is solely for the use of the individual or
    entity to whom it is addressed. Please also be aware that the DnB NOR Group
    cannot accept any payment orders or other legally binding correspondence with
    customers as a part of an email.

    This email message has been virus checked by the virus programs used
    in the DnB NOR Group.

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  • Bjørn T Johansen at May 4, 2005 at 11:59 am
    Yes, I discovered that there seems to be something wrong with my pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. (I.e. I want to protect
    every file and subfolders inside a folder called protected, how should my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and it works
    like a charm. However I did mess up initially because I forgot to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and Tomcat and this
    works as it
    should... But trying to do the same thing with a JSF application doesn't
    work? Are
    there something I am missing? The init() method is called, but doFilter
    is never
    called, why?


    Regards,

    BTJ
    --
    -----------------------------------------------------------------------------------------------
    Bjørn T Johansen (BSc,MNIF)
    Executive Manager
    btj@havleik.no Havleik Consulting
    Phone : +47 21 69 15 20 Bjørnebærstien 57
    Fax : +47 41 13 09 15 N-1348 Rykkinn
    Cellular : +47 926 93 298 http://www.havleik.no
    -----------------------------------------------------------------------------------------------
    Someone wrote:
    "I understand that if you play a Windows CD backwards you hear strange Satanic messages"
    To which someone replied:
    "It's even worse than that; play it forwards and it installs Windows"
    -----------------------------------------------------------------------------------------------
  • Hermod Opstvedt at May 4, 2005 at 12:35 pm
    Hi

    I seem to remember that (look in an earlier thread) there is a problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. (I.e. I want
    to protect
    every file and subfolders inside a folder called protected, how should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and it works
    like a charm. However I did mess up initially because I forgot to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and Tomcat and this
    works as it
    should... But trying to do the same thing with a JSF application doesn't
    work? Are
    there something I am missing? The init() method is called, but doFilter
    is never
    called, why?


    Regards,

    BTJ
    --
    ------------------------------------------------------------------------
    -----------------------
    Bjørn T Johansen (BSc,MNIF)
    Executive Manager
    btj@havleik.no Havleik Consulting
    Phone : +47 21 69 15 20 Bjørnebærstien 57
    Fax : +47 41 13 09 15 N-1348 Rykkinn
    Cellular : +47 926 93 298 http://www.havleik.no
    ------------------------------------------------------------------------
    -----------------------
    Someone wrote:
    "I understand that if you play a Windows CD backwards you hear strange
    Satanic messages"
    To which someone replied:
    "It's even worse than that; play it forwards and it installs Windows"
    ------------------------------------------------------------------------
    -----------------------


    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    This email with attachments is solely for the use of the individual or
    entity to whom it is addressed. Please also be aware that the DnB NOR Group
    cannot accept any payment orders or other legally binding correspondence with
    customers as a part of an email.

    This email message has been virus checked by the virus programs used
    in the DnB NOR Group.

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  • Bjørn T Johansen at May 4, 2005 at 1:09 pm
    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for filter?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. (I.e. I want
    to protect
    every file and subfolders inside a folder called protected, how should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and it works
    like a charm. However I did mess up initially because I forgot to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and Tomcat and this
    works as it
    should... But trying to do the same thing with a JSF application doesn't
    work? Are
    there something I am missing? The init() method is called, but doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Jonathan Eric Miller at May 4, 2005 at 2:33 pm
    This is just a guess, but, if you have JSF configured to use mappings like,

    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could setup a mapping of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around with the path.

    Jon

    ----- Original Message -----
    From: "Bjørn T Johansen" <btj@havleik.no>
    To: "MyFaces Discussion" <users@myfaces.apache.org>
    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for filter?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. (I.e. I want
    to protect
    every file and subfolders inside a folder called protected, how should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and it works
    like a charm. However I did mess up initially because I forgot to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and Tomcat and this
    works as it
    should... But trying to do the same thing with a JSF application doesn't
    work? Are
    there something I am missing? The init() method is called, but doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Bjørn T Johansen at May 4, 2005 at 3:52 pm
    Yes, I do... But I have tried /faces/protected/* too, with no luck....

    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured to use mappings like,

    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could setup a mapping of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around with the path.

    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <btj@havleik.no>
    To: "MyFaces Discussion" <users@myfaces.apache.org>
    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for filter?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. (I.e. I want
    to protect
    every file and subfolders inside a folder called protected, how should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and it

    works
    like a charm. However I did mess up initially because I forgot to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and Tomcat and

    this
    works as it
    should... But trying to do the same thing with a JSF application

    doesn't
    work? Are
    there something I am missing? The init() method is called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Matt Blum at May 4, 2005 at 6:20 pm
    The only possibilities I can think of that would cause the behavior you
    describe are:

    1. The URL is being redirected before the filter is hit, so the url-mapping
    doesn't apply (you can test this by setting the pattern back to /* and
    outputting the path the filter finds).

    2. Another filter whose pattern is matched by the request (and which comes
    before the filter you're working on in your web.xml list of filter-mappings)
    is failing to call doFilter(request, response) on the FilterChain object it
    receives, for some reason.

    -Matt
    On 5/4/05, Bjørn T Johansen wrote:

    Yes, I do... But I have tried /faces/protected/* too, with no luck....

    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured to use mappings like,
    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could setup a mapping of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around with the path.

    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <btj@havleik.no>
    To: "MyFaces Discussion" <users@myfaces.apache.org>
    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for filter?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. (I.e. I want
    to protect
    every file and subfolders inside a folder called protected, how should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and it

    works
    like a charm. However I did mess up initially because I forgot to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and Tomcat and

    this
    works as it
    should... But trying to do the same thing with a JSF application

    doesn't
    work? Are
    there something I am missing? The init() method is called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Bjørn T Johansen at May 4, 2005 at 9:47 pm
    Well, I changed my pattern to /* and something strange happens in the doFilter method...

    I am coming from /login.jsp and the navigation rule looks like this..:

    <navigation-rule>
    <from-view-id>/login.jsp</from-view-id>
    <navigation-case>
    <from-outcome>success</from-outcome>
    <to-view-id>/protected/index.jsp</to-view-id>
    </navigation-case>
    </navigation-rule>

    And when the outcome is success from /login.jsp, the correct page is showing
    (/protected/index.jsp) but putting this call in the doFilter method:

    writeLog(((HttpServletRequest)request).getRequestURL());

    gives me the url to the previous page, /logins.jsf.. Shouldn't this be
    /protected/index.jsf ?? But this explains why the patterng /protected/* didn't work, but
    why is this the request url in doFilter??


    BTJ



    Matt Blum wrote:
    The only possibilities I can think of that would cause the behavior you
    describe are:

    1. The URL is being redirected before the filter is hit, so the
    url-mapping doesn't apply (you can test this by setting the pattern back
    to /* and outputting the path the filter finds).

    2. Another filter whose pattern is matched by the request (and which
    comes before the filter you're working on in your web.xml list of
    filter-mappings) is failing to call doFilter(request, response) on the
    FilterChain object it receives, for some reason.

    -Matt

    On 5/4/05, *Bjørn T Johansen* wrote:

    Yes, I do... But I have tried /faces/protected/* too, with no luck....

    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured to use
    mappings like,
    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could setup a mapping of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around with the path.

    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <
    btj@havleik.no > To: "MyFaces Discussion" <users@myfaces.apache.org
    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for
    filter?

    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a
    problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto:btj@havleik.no
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. (I.e.
    I want
    to protect
    every file and subfolders inside a folder called protected, how
    should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and it

    works
    like a charm. However I did mess up initially because I forgot
    to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto:btj@havleik.no
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and Tomcat and

    this
    works as it
    should... But trying to do the same thing with a JSF application

    doesn't
    work? Are
    there something I am missing? The init() method is called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Matt Blum at May 5, 2005 at 12:42 am
    OK, now I think I've got it:

    The navigation rule is doing a forward, not a redirect. Servlet filters
    don't always handle anything but the initial server request. If you're using
    a servlet container that only supports up to servlet spec 2.3, it will
    *only* handle the initial server request, so I'm not sure how you'd fix your
    problem. If you're using one that supports servlet spec 2.4, though, you can
    configure it to handle requests, forwards, includes, and errors as follows:

    <filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern</pattern/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>


    Obviously, if you only want it to handle requests and forwards, you only
    need the corresponding lines.

    Hope this helps.
    -Matt
    On 5/4/05, Bjørn T Johansen wrote:

    Well, I changed my pattern to /* and something strange happens in the
    doFilter method...

    I am coming from /login.jsp and the navigation rule looks like this..:

    <navigation-rule>
    <from-view-id>/login.jsp</from-view-id>
    <navigation-case>
    <from-outcome>success</from-outcome>
    <to-view-id>/protected/index.jsp</to-view-id>
    </navigation-case>
    </navigation-rule>

    And when the outcome is success from /login.jsp, the correct page is
    showing
    (/protected/index.jsp) but putting this call in the doFilter method:

    writeLog(((HttpServletRequest)request).getRequestURL());

    gives me the url to the previous page, /logins.jsf.. Shouldn't this be
    /protected/index.jsf ?? But this explains why the patterng /protected/*
    didn't work, but
    why is this the request url in doFilter??

    BTJ

    Matt Blum wrote:
    The only possibilities I can think of that would cause the behavior you
    describe are:

    1. The URL is being redirected before the filter is hit, so the
    url-mapping doesn't apply (you can test this by setting the pattern back
    to /* and outputting the path the filter finds).

    2. Another filter whose pattern is matched by the request (and which
    comes before the filter you're working on in your web.xml list of
    filter-mappings) is failing to call doFilter(request, response) on the
    FilterChain object it receives, for some reason.

    -Matt

    On 5/4/05, *Bjørn T Johansen* wrote:

    Yes, I do... But I have tried /faces/protected/* too, with no luck....

    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured to use
    mappings like,
    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could setup a mapping of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around with the path.

    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <
    btj@havleik.no > > To: "MyFaces Discussion" <users@myfaces.apache.org
    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for
    filter?

    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a
    problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto:btj@havleik.no
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. (I.e.
    I want
    to protect
    every file and subfolders inside a folder called protected, how
    should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and it

    works
    like a charm. However I did mess up initially because I forgot
    to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto:btj@havleik.no
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?

    I have a struts application where I am using Filter and Tomcat and

    this
    works as it
    should... But trying to do the same thing with a JSF application

    doesn't
    work? Are
    there something I am missing? The init() method is called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Craig McClanahan at May 5, 2005 at 1:42 am

    On 5/4/05, Matt Blum wrote:
    OK, now I think I've got it:

    The navigation rule is doing a forward, not a redirect. Servlet filters
    don't always handle anything but the initial server request. If you're
    using a servlet container that only supports up to servlet spec 2.3, it will
    *only* handle the initial server request, so I'm not sure how you'd fix your
    problem. If you're using one that supports servlet spec 2.4, though, you
    can configure it to handle requests, forwards, includes, and errors as
    follows:

    <filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern</pattern/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>

    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    Obviously, if you only want it to handle requests and forwards, you only
    need the corresponding lines.
    Matt has it right, but with one cautionary note -- the <dispatcher>
    element was added in Servlet 2.4. If you're running on a Servlet 2.3
    environment (such as Tomcat 4.x), you're stuck with the fact that
    filters only work on the original request, and not on forwards or
    includes.
    Hope this helps.
    -Matt
    Craig

    On 5/4/05, Bjørn T Johansen wrote:
    Well, I changed my pattern to /* and something strange happens in the
    doFilter method...
    I am coming from /login.jsp and the navigation rule looks like this..:

    <navigation-rule>
    <from-view-id>/login.jsp</from-view-id>
    <navigation-case>
    <from-outcome>success</from-outcome>
    <to-view-id>/protected/index.jsp</to-view-id>
    </navigation-case>
    </navigation-rule>

    And when the outcome is success from /login.jsp, the correct page is showing
    (/protected/index.jsp) but putting this call in the doFilter method:

    writeLog(((HttpServletRequest)request).getRequestURL());

    gives me the url to the previous page, /logins.jsf.. Shouldn't this be
    /protected/index.jsf ?? But this explains why the patterng /protected/*
    didn't work, but
    why is this the request url in doFilter??

    BTJ

    Matt Blum wrote:
    The only possibilities I can think of that would cause the behavior you
    describe are:

    1. The URL is being redirected before the filter is hit, so the
    url-mapping doesn't apply (you can test this by setting the pattern back
    to /* and outputting the path the filter finds).

    2. Another filter whose pattern is matched by the request (and which
    comes before the filter you're working on in your web.xml list of
    filter-mappings) is failing to call doFilter(request, response) on the
    FilterChain object it receives, for some reason.

    -Matt

    On 5/4/05, *Bjørn T Johansen* <btj@havleik.no > > wrote:

    Yes, I do... But I have tried /faces/protected/* too, with no
    luck....
    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured to use
    mappings like,
    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could setup a mapping
    of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around with the path.

    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <
    btj@havleik.no <mailto: btj@havleik.no>>
    To: "MyFaces Discussion" <users@myfaces.apache.org

    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for
    filter?

    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a
    problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto:btj@havleik.no
    <mailto: btj@havleik.no>]
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. ( I.e.
    I want
    to protect
    every file and subfolders inside a folder called protected, how
    should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no <mailto: hermod.opstvedt@dnbnor.no>
    wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and
    it

    works
    like a charm. However I did mess up initially because I forgot
    to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto: btj@havleik.no
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?

    I have a struts application where I am using Filter and Tomcat
    and

    this
    works as it
    should... But trying to do the same thing with a JSF
    application

    doesn't
    work? Are
    there something I am missing? The init() method is called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Craig McClanahan at May 5, 2005 at 1:42 am
    Well duh ... if I'd actually read the ENTIRE response I would have
    seen that Matt said that already :-).

    Craig
    On 5/4/05, Craig McClanahan wrote:
    On 5/4/05, Matt Blum wrote:
    OK, now I think I've got it:

    The navigation rule is doing a forward, not a redirect. Servlet filters
    don't always handle anything but the initial server request. If you're
    using a servlet container that only supports up to servlet spec 2.3, it will
    *only* handle the initial server request, so I'm not sure how you'd fix your
    problem. If you're using one that supports servlet spec 2.4, though, you
    can configure it to handle requests, forwards, includes, and errors as
    follows:

    <filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern</pattern/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>

    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    Obviously, if you only want it to handle requests and forwards, you only
    need the corresponding lines.
    Matt has it right, but with one cautionary note -- the <dispatcher>
    element was added in Servlet 2.4. If you're running on a Servlet 2.3
    environment (such as Tomcat 4.x), you're stuck with the fact that
    filters only work on the original request, and not on forwards or
    includes.
    Hope this helps.
    -Matt
    Craig

    On 5/4/05, Bjørn T Johansen wrote:
    Well, I changed my pattern to /* and something strange happens in the
    doFilter method...
    I am coming from /login.jsp and the navigation rule looks like this..:

    <navigation-rule>
    <from-view-id>/login.jsp</from-view-id>
    <navigation-case>
    <from-outcome>success</from-outcome>
    <to-view-id>/protected/index.jsp</to-view-id>
    </navigation-case>
    </navigation-rule>

    And when the outcome is success from /login.jsp, the correct page is showing
    (/protected/index.jsp) but putting this call in the doFilter method:

    writeLog(((HttpServletRequest)request).getRequestURL());

    gives me the url to the previous page, /logins.jsf.. Shouldn't this be
    /protected/index.jsf ?? But this explains why the patterng /protected/*
    didn't work, but
    why is this the request url in doFilter??

    BTJ

    Matt Blum wrote:
    The only possibilities I can think of that would cause the behavior you
    describe are:

    1. The URL is being redirected before the filter is hit, so the
    url-mapping doesn't apply (you can test this by setting the pattern back
    to /* and outputting the path the filter finds).

    2. Another filter whose pattern is matched by the request (and which
    comes before the filter you're working on in your web.xml list of
    filter-mappings) is failing to call doFilter(request, response) on the
    FilterChain object it receives, for some reason.

    -Matt

    On 5/4/05, *Bjørn T Johansen* <btj@havleik.no > > > wrote:

    Yes, I do... But I have tried /faces/protected/* too, with no
    luck....
    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured to use
    mappings like,
    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could setup a mapping
    of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around with the path.

    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <
    btj@havleik.no <mailto: btj@havleik.no>>
    To: "MyFaces Discussion" <users@myfaces.apache.org

    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for
    filter?

    BTJ

    hermod.opstvedt@dnbnor.no > wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a
    problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto:btj@havleik.no
    <mailto: btj@havleik.no>]
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. ( I.e.
    I want
    to protect
    every file and subfolders inside a folder called protected, how
    should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no <mailto: hermod.opstvedt@dnbnor.no>
    wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and
    it

    works
    like a charm. However I did mess up initially because I forgot
    to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto: btj@havleik.no
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?

    I have a struts application where I am using Filter and Tomcat
    and

    this
    works as it
    should... But trying to do the same thing with a JSF
    application

    doesn't
    work? Are
    there something I am missing? The init() method is called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Bjørn T Johansen at May 5, 2005 at 7:36 am
    Well, I tried switching to 2.4 spec, but the only difference (I enabled requests and
    forwards), is that it now prints the url twice (i.e. the doFilter method is called twice),
    but it still just shows me the url for the previous page (i.e. /logins.jsp instead of
    /protected/index.jsp but the page shown is /protected/index.jsp)
    Is there something fundamental I am missing...? This is my first JSF app, but it shouldn't
    be that much different from say Struts...


    BTJ

    Matt Blum wrote:
    OK, now I think I've got it:

    The navigation rule is doing a forward, not a redirect. Servlet filters
    don't always handle anything but the initial server request. If you're
    using a servlet container that only supports up to servlet spec 2.3, it
    will *only* handle the initial server request, so I'm not sure how you'd
    fix your problem. If you're using one that supports servlet spec 2.4,
    though, you can configure it to handle requests, forwards, includes, and
    errors as follows:

    <filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern</pattern/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>

    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>


    Obviously, if you only want it to handle requests and forwards, you only
    need the corresponding lines.

    Hope this helps.
    -Matt

    On 5/4/05, *Bjørn T Johansen* wrote:

    Well, I changed my pattern to /* and something strange happens in
    the doFilter method...

    I am coming from /login.jsp and the navigation rule looks like this..:

    <navigation-rule>
    <from-view-id>/login.jsp</from-view-id>
    <navigation-case>
    <from-outcome>success</from-outcome>
    <to-view-id>/protected/index.jsp</to-view-id>
    </navigation-case>
    </navigation-rule>

    And when the outcome is success from /login.jsp, the correct page is
    showing
    (/protected/index.jsp) but putting this call in the doFilter method:

    writeLog(((HttpServletRequest)request).getRequestURL());

    gives me the url to the previous page, /logins.jsf.. Shouldn't this be
    /protected/index.jsf ?? But this explains why the patterng
    /protected/* didn't work, but
    why is this the request url in doFilter??

    BTJ

    Matt Blum wrote:
    The only possibilities I can think of that would cause the
    behavior you
    describe are:

    1. The URL is being redirected before the filter is hit, so the
    url-mapping doesn't apply (you can test this by setting the
    pattern back
    to /* and outputting the path the filter finds).

    2. Another filter whose pattern is matched by the request (and which
    comes before the filter you're working on in your web.xml list of
    filter-mappings) is failing to call doFilter(request, response) on the
    FilterChain object it receives, for some reason.

    -Matt

    On 5/4/05, *Bjørn T Johansen* <btj@havleik.no wrote:
    Yes, I do... But I have tried /faces/protected/* too, with no luck....
    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured to use
    mappings like,
    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could setup a
    mapping of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around with the
    path.
    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <
    btj@havleik.no <mailto: btj@havleik.no
    To: "MyFaces Discussion" <users@myfaces.apache.org
    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for
    filter?

    BTJ

    hermod.opstvedt@dnbnor.no
    wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a
    problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then
    check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto:btj@havleik.no
    <mailto: btj@havleik.no > >>> Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong
    with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called..
    ( I.e.
    I want
    to protect
    every file and subfolders inside a folder called
    protected, how
    should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no
    <mailto:
    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate
    sessions) and it

    works
    like a charm. However I did mess up initially because I
    forgot
    to add
    the correct mapping, which then resultet in the same
    behaviour.
    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto: btj@havleik.no
    <mailto:btj@havleik.no > >>>> Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?

    I have a struts application where I am using Filter and
    Tomcat and

    this
    works as it
    should... But trying to do the same thing with a JSF
    application

    doesn't
    work? Are
    there something I am missing? The init() method is
    called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Matt Blum at May 5, 2005 at 2:29 pm
    You need to change your url-mapping back to "/protected/*". I'm assuming you
    left it mapped to "/*", in which case the behavior you're describing is what
    you *should* be seeing. The filter is being called twice now, once for the
    initial request (logins.jsp) and once for the forward
    (/protected/index.jsp). The URL you're printing out is coming from the
    request object, which will only give you the URL that was originally sent to
    the server.

    That's the difference between a redirect and a forward: a redirect instructs
    the client to request a different URL from the server, which thereby creates
    a new request object; a forward is handled entirely on the server, with the
    server simply redirecting the *handling* of the request to something other
    than what was initially requested.

    -Matt
    On 5/5/05, Bjørn T Johansen wrote:

    Well, I tried switching to 2.4 spec, but the only difference (I enabled
    requests and
    forwards), is that it now prints the url twice (i.e. the doFilter method
    is called twice),
    but it still just shows me the url for the previous page (i.e. /logins.jsp
    instead of
    /protected/index.jsp but the page shown is /protected/index.jsp)
    Is there something fundamental I am missing...? This is my first JSF app,
    but it shouldn't
    be that much different from say Struts...

    BTJ

    Matt Blum wrote:
    OK, now I think I've got it:

    The navigation rule is doing a forward, not a redirect. Servlet filters
    don't always handle anything but the initial server request. If you're
    using a servlet container that only supports up to servlet spec 2.3, it
    will *only* handle the initial server request, so I'm not sure how you'd
    fix your problem. If you're using one that supports servlet spec 2.4,
    though, you can configure it to handle requests, forwards, includes, and
    errors as follows:

    <filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern</pattern/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>

    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>


    Obviously, if you only want it to handle requests and forwards, you only
    need the corresponding lines.

    Hope this helps.
    -Matt

    On 5/4/05, *Bjørn T Johansen* wrote:

    Well, I changed my pattern to /* and something strange happens in
    the doFilter method...

    I am coming from /login.jsp and the navigation rule looks like this..:

    <navigation-rule>
    <from-view-id>/login.jsp</from-view-id>
    <navigation-case>
    <from-outcome>success</from-outcome>
    <to-view-id>/protected/index.jsp</to-view-id>
    </navigation-case>
    </navigation-rule>

    And when the outcome is success from /login.jsp, the correct page is
    showing
    (/protected/index.jsp) but putting this call in the doFilter method:

    writeLog(((HttpServletRequest)request).getRequestURL());

    gives me the url to the previous page, /logins.jsf.. Shouldn't this be
    /protected/index.jsf ?? But this explains why the patterng
    /protected/* didn't work, but
    why is this the request url in doFilter??

    BTJ

    Matt Blum wrote:
    The only possibilities I can think of that would cause the
    behavior you
    describe are:

    1. The URL is being redirected before the filter is hit, so the
    url-mapping doesn't apply (you can test this by setting the
    pattern back
    to /* and outputting the path the filter finds).

    2. Another filter whose pattern is matched by the request (and which
    comes before the filter you're working on in your web.xml list of
    filter-mappings) is failing to call doFilter(request, response) on the
    FilterChain object it receives, for some reason.

    -Matt

    On 5/4/05, *Bjørn T Johansen* <btj@havleik.no
    <mailto:btj@havleik.no > > wrote:
    Yes, I do... But I have tried /faces/protected/* too, with no luck....
    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured to use
    mappings like,
    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could setup a
    mapping of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around with the
    path.
    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <
    btj@havleik.no <mailto: btj@havleik.no
    To: "MyFaces Discussion" <users@myfaces.apache.org
    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for
    filter?

    BTJ

    hermod.opstvedt@dnbnor.no
    wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a
    problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then
    check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto:btj@havleik.no
    <mailto: btj@havleik.no > > >>> Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong
    with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called..
    ( I.e.
    I want
    to protect
    every file and subfolders inside a folder called
    protected, how
    should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no
    <mailto:
    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate
    sessions) and it

    works
    like a charm. However I did mess up initially because I
    forgot
    to add
    the correct mapping, which then resultet in the same
    behaviour.
    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto: btj@havleik.no
    <mailto:btj@havleik.no > > >>>> Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?

    I have a struts application where I am using Filter and
    Tomcat and

    this
    works as it
    should... But trying to do the same thing with a JSF
    application

    doesn't
    work? Are
    there something I am missing? The init() method is
    called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Bjørn T Johansen at May 5, 2005 at 3:51 pm
    Yes, you are correct... And after changing my url-pattern back to /protected/* it works
    like it should.... And what you say about the url, makes sense....

    So thx! :)

    BTJ

    Matt Blum wrote:
    You need to change your url-mapping back to "/protected/*". I'm
    assuming you left it mapped to "/*", in which case the behavior you're
    describing is what you *should* be seeing. The filter is being called
    twice now, once for the initial request (logins.jsp) and once for the
    forward (/protected/index.jsp). The URL you're printing out is coming
    from the request object, which will only give you the URL that was
    originally sent to the server.

    That's the difference between a redirect and a forward: a redirect
    instructs the client to request a different URL from the server, which
    thereby creates a new request object; a forward is handled entirely on
    the server, with the server simply redirecting the *handling* of the
    request to something other than what was initially requested.

    -Matt

    On 5/5/05, *Bjørn T Johansen* wrote:

    Well, I tried switching to 2.4 spec, but the only difference (I
    enabled requests and
    forwards), is that it now prints the url twice (i.e. the doFilter
    method is called twice),
    but it still just shows me the url for the previous page ( i.e.
    /logins.jsp instead of
    /protected/index.jsp but the page shown is /protected/index.jsp)
    Is there something fundamental I am missing...? This is my first JSF
    app, but it shouldn't
    be that much different from say Struts...

    BTJ

    Matt Blum wrote:
    OK, now I think I've got it:

    The navigation rule is doing a forward, not a redirect. Servlet filters
    don't always handle anything but the initial server request. If you're
    using a servlet container that only supports up to servlet spec 2.3, it
    will *only* handle the initial server request, so I'm not sure how you'd
    fix your problem. If you're using one that supports servlet spec 2.4,
    though, you can configure it to handle requests, forwards,
    includes, and
    errors as follows:

    <filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern</pattern/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>

    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>


    Obviously, if you only want it to handle requests and forwards, you only
    need the corresponding lines.

    Hope this helps.
    -Matt

    On 5/4/05, *Bjørn T Johansen* <btj@havleik.no wrote:
    Well, I changed my pattern to /* and something strange happens in
    the doFilter method...

    I am coming from /login.jsp and the navigation rule looks like this..:
    <navigation-rule>
    <from-view-id>/login.jsp</from-view-id>
    <navigation-case>
    <from-outcome>success</from-outcome>
    <to-view-id>/protected/index.jsp</to-view-id>
    </navigation-case>
    </navigation-rule>

    And when the outcome is success from /login.jsp, the correct page is
    showing
    (/protected/index.jsp) but putting this call in the doFilter method:
    writeLog(((HttpServletRequest)request).getRequestURL());

    gives me the url to the previous page, /logins.jsf.. Shouldn't this be
    /protected/index.jsf ?? But this explains why the patterng
    /protected/* didn't work, but
    why is this the request url in doFilter??

    BTJ

    Matt Blum wrote:
    The only possibilities I can think of that would cause the
    behavior you
    describe are:

    1. The URL is being redirected before the filter is hit, so the
    url-mapping doesn't apply (you can test this by setting the
    pattern back
    to /* and outputting the path the filter finds).

    2. Another filter whose pattern is matched by the request
    (and which
    comes before the filter you're working on in your web.xml
    list of
    filter-mappings) is failing to call doFilter(request,
    response) on the
    FilterChain object it receives, for some reason.

    -Matt

    On 5/4/05, *Bjørn T Johansen* <btj@havleik.no
    <mailto:btj@havleik.no <mailto:btj@havleik.no <mailto:btj@havleik.no > > wrote:
    Yes, I do... But I have tried /faces/protected/* too,
    with no
    luck....
    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured
    to use
    mappings like,
    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could
    setup a
    mapping of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using a,

    *.faces

    mapping for faces. This way it doesn't mess around
    with the
    path.
    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <
    btj@havleik.no <mailto:btj@havleik.no <mailto:
    btj@havleik.no > <mailto:btj@havleik.no > > > To: "MyFaces Discussion" < users@myfaces.apache.org
    <mailto: users@myfaces.apache.org
    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another
    name for
    filter?

    BTJ

    hermod.opstvedt@dnbnor.no
    <mailto:hermod.opstvedt@dnbnor.no > <mailto: hermod.opstvedt@dnbnor.no
    wrote:
    Hi

    I seem to remember that (look in an earlier thread)
    there is a
    problem
    with that. Are you calling a faces page within that
    pattern?
    One soulution is to use the top-levek aproach and then
    check the
    requestpath in your filter (I use SecurityFilter for
    this).
    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto: btj@havleik.no
    <mailto:btj@havleik.no > > <mailto: btj@havleik.no <mailto:
    btj@havleik.no > > >>> Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong
    with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not
    called..
    ( I.e.
    I want
    to protect
    every file and subfolders inside a folder called
    protected, how
    should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no
    <mailto:
    hermod.opstvedt@dnbnor.no <mailto: hermod.opstvedt@dnbnor.no
    wrote:
    Hi

    I am using filters (for taking care of Hibernate
    sessions) and it

    works
    like a charm. However I did mess up initially because I
    forgot
    to add
    the correct mapping, which then resultet in the same
    behaviour.
    Make sure you have somthing like this in your
    web.xml file:
    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto: btj@havleik.no
    <mailto:btj@havleik.no > > <mailto:btj@havleik.no <mailto:btj@havleik.no >]
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    <mailto: myfaces-user@incubator.apache.org
    <mailto: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and
    Tomcat and

    this
    works as it
    should... But trying to do the same thing with a JSF
    application

    doesn't
    work? Are
    there something I am missing? The init() method is
    called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Frohman at Jan 18, 2006 at 4:44 am
    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Thursday, May 05, 2005 8:50 AM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?

    Yes, you are correct... And after changing my url-pattern back to
    /protected/* it works like it should.... And what you say about the url,
    makes sense....

    So thx! :)

    BTJ

    Matt Blum wrote:
    You need to change your url-mapping back to "/protected/*". I'm
    assuming you left it mapped to "/*", in which case the behavior you're
    describing is what you *should* be seeing. The filter is being called
    twice now, once for the initial request (logins.jsp) and once for the
    forward (/protected/index.jsp). The URL you're printing out is coming
    from the request object, which will only give you the URL that was
    originally sent to the server.

    That's the difference between a redirect and a forward: a redirect
    instructs the client to request a different URL from the server, which
    thereby creates a new request object; a forward is handled entirely on
    the server, with the server simply redirecting the *handling* of the
    request to something other than what was initially requested.

    -Matt

    On 5/5/05, *Bjørn T Johansen* wrote:

    Well, I tried switching to 2.4 spec, but the only difference (I
    enabled requests and
    forwards), is that it now prints the url twice (i.e. the doFilter
    method is called twice),
    but it still just shows me the url for the previous page ( i.e.
    /logins.jsp instead of
    /protected/index.jsp but the page shown is /protected/index.jsp)
    Is there something fundamental I am missing...? This is my first JSF
    app, but it shouldn't
    be that much different from say Struts...

    BTJ

    Matt Blum wrote:
    OK, now I think I've got it:

    The navigation rule is doing a forward, not a redirect. Servlet filters
    don't always handle anything but the initial server request. If you're
    using a servlet container that only supports up to servlet spec 2.3, it
    will *only* handle the initial server request, so I'm not sure how you'd
    fix your problem. If you're using one that supports servlet spec
    2.4,
    though, you can configure it to handle requests, forwards,
    includes, and
    errors as follows:

    <filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern</pattern/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>

    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
    </filter-mapping>


    Obviously, if you only want it to handle requests and forwards, you only
    need the corresponding lines.

    Hope this helps.
    -Matt

    On 5/4/05, *Bjørn T Johansen* <btj@havleik.no wrote:
    Well, I changed my pattern to /* and something strange happens
    in
    the doFilter method...

    I am coming from /login.jsp and the navigation rule looks like this..:
    <navigation-rule>
    <from-view-id>/login.jsp</from-view-id>
    <navigation-case>
    <from-outcome>success</from-outcome>
    <to-view-id>/protected/index.jsp</to-view-id>
    </navigation-case>
    </navigation-rule>

    And when the outcome is success from /login.jsp, the correct page is
    showing
    (/protected/index.jsp) but putting this call in the doFilter method:
    writeLog(((HttpServletRequest)request).getRequestURL());

    gives me the url to the previous page, /logins.jsf.. Shouldn't this be
    /protected/index.jsf ?? But this explains why the patterng
    /protected/* didn't work, but
    why is this the request url in doFilter??

    BTJ

    Matt Blum wrote:
    The only possibilities I can think of that would cause the
    behavior you
    describe are:

    1. The URL is being redirected before the filter is hit, so
    the
    url-mapping doesn't apply (you can test this by setting the
    pattern back
    to /* and outputting the path the filter finds).

    2. Another filter whose pattern is matched by the request
    (and which
    comes before the filter you're working on in your web.xml
    list of
    filter-mappings) is failing to call doFilter(request,
    response) on the
    FilterChain object it receives, for some reason.

    -Matt

    On 5/4/05, *Bjørn T Johansen* <btj@havleik.no
    <mailto:btj@havleik.no <mailto:btj@havleik.no <mailto:btj@havleik.no > > wrote:
    Yes, I do... But I have tried /faces/protected/* too,
    with no
    luck....
    BTJ

    Jonathan Eric Miller wrote:
    This is just a guess, but, if you have JSF configured
    to use
    mappings like,
    /faces/*

    then, I think it might change the path to something like
    /faces/protected/<page>.jsp (so, I think you could
    setup a
    mapping of
    /faces/protected/* instead of /protected/*).

    I used to have mine setup like that, but, now I'm using
    a,
    *.faces

    mapping for faces. This way it doesn't mess around
    with the
    path.
    Jon

    ----- Original Message ----- From: "Bjørn T Johansen" <
    btj@havleik.no <mailto:btj@havleik.no <mailto:
    btj@havleik.no > <mailto:btj@havleik.no > > > To: "MyFaces Discussion" < users@myfaces.apache.org
    <mailto: users@myfaces.apache.org
    Sent: Wednesday, May 04, 2005 8:08 AM
    Subject: Re: Servlet Filter?

    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another
    name for
    filter?

    BTJ

    hermod.opstvedt@dnbnor.no
    <mailto:hermod.opstvedt@dnbnor.no > <mailto: hermod.opstvedt@dnbnor.no
    wrote:
    Hi

    I seem to remember that (look in an earlier thread)
    there is a
    problem
    with that. Are you calling a faces page within that
    pattern?
    One soulution is to use the top-levek aproach and then
    check the
    requestpath in your filter (I use SecurityFilter for
    this).
    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto: btj@havleik.no
    <mailto:btj@havleik.no > > <mailto: btj@havleik.no <mailto:
    btj@havleik.no > > >>> Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something
    wrong
    with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not
    called..
    ( I.e.
    I want
    to protect
    every file and subfolders inside a folder called
    protected, how
    should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no
    <mailto:
    hermod.opstvedt@dnbnor.no <mailto: hermod.opstvedt@dnbnor.no
    wrote:
    Hi

    I am using filters (for taking care of Hibernate
    sessions) and it

    works
    like a charm. However I did mess up initially because
    I
    forgot
    to add
    the correct mapping, which then resultet in the same
    behaviour.
    Make sure you have somthing like this in your
    web.xml file:
    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen [mailto: btj@havleik.no
    <mailto:btj@havleik.no > > <mailto:btj@havleik.no <mailto:btj@havleik.no >]
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    <mailto: myfaces-user@incubator.apache.org
    <mailto: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter
    and
    Tomcat and

    this
    works as it
    should... But trying to do the same thing with a JSF
    application

    doesn't
    work? Are
    there something I am missing? The init() method is
    called, but

    doFilter
    is never
    called, why?


    Regards,

    BTJ
  • Matt Blum at May 4, 2005 at 2:52 pm
    Maybe it's not configured properly in your web.xml. What servlet or
    url-pattern did you map the filter to?

    -Matt
    On 5/4/05, Bjørn T Johansen wrote:

    I have a struts application where I am using Filter and Tomcat and this
    works as it
    should... But trying to do the same thing with a JSF application doesn't
    work? Are
    there something I am missing? The init() method is called, but doFilter is
    never
    called, why?

    Regards,

    BTJ

    --

    -----------------------------------------------------------------------------------------------
    Bjørn T Johansen

    btj@havleik.no

    -----------------------------------------------------------------------------------------------
    Someone wrote:
    "I understand that if you play a Windows CD backwards you hear strange
    Satanic messages"
    To which someone replied:
    "It's even worse than that; play it forwards and it installs Windows"

    -----------------------------------------------------------------------------------------------
  • Hermod Opstvedt at May 11, 2005 at 7:31 am
    Hi

    Sorry for not answering this before - Been out sailing for some days.

    SecurityFilter is SF project. I have been using it in a couple of Struts
    applications, and have now incorporated it into the MyFaces version of
    one of them that I am currently migrating.

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 3:09 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I am.... Maybe I'll check the request path...

    BTW, is SecurityFilter something else or just another name for filter?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I seem to remember that (look in an earlier thread) there is a problem
    with that. Are you calling a faces page within that pattern?

    One soulution is to use the top-levek aproach and then check the
    requestpath in your filter (I use SecurityFilter for this).

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:59 PM
    To: MyFaces Discussion
    Subject: Re: Servlet Filter?


    Yes, I discovered that there seems to be something wrong with my
    pattern...
    If I use /* as the pattern, it works...
    But if I use /protected/* then the filter is not called.. (I.e. I want
    to protect
    every file and subfolders inside a folder called protected, how should
    my pattern
    look like?


    BTJ

    hermod.opstvedt@dnbnor.no wrote:
    Hi

    I am using filters (for taking care of Hibernate sessions) and it works
    like a charm. However I did mess up initially because I forgot to add
    the correct mapping, which then resultet in the same behaviour.

    Make sure you have somthing like this in your web.xml file:

    <filter-mapping>
    <filter-name><<your_filtername>></filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    Hermod

    -----Original Message-----
    From: Bjørn T Johansen
    Sent: Wednesday, May 04, 2005 1:43 PM
    To: myfaces-user@incubator.apache.org
    Subject: Servlet Filter?


    I have a struts application where I am using Filter and Tomcat and this
    works as it
    should... But trying to do the same thing with a JSF application doesn't
    work? Are
    there something I am missing? The init() method is called, but doFilter
    is never
    called, why?


    Regards,

    BTJ

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    This email with attachments is solely for the use of the individual or
    entity to whom it is addressed. Please also be aware that the DnB NOR Group
    cannot accept any payment orders or other legally binding correspondence with
    customers as a part of an email.

    This email message has been virus checked by the virus programs used
    in the DnB NOR Group.

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  • Patrick B Haggood at May 16, 2005 at 3:07 pm
    Here's a security filter I adapted from a sample on the Java Studio
    Creator forum:

    First the web.xml part:
    <filter>
    <filter-name>UserSecurity</filter-name>
    <filter-class>tolls.tools.UserSecurityCheckFilter</filter-class>
    </filter>



    <filter-mapping>
    <filter-name>UserSecurity</filter-name>
    <url-pattern>/user/*</url-pattern>
    </filter-mapping>

    Now the filter:

    /*
    * UserSecurityCheckFilter.java
    *
    * Created on 30 December 2004, 23:36
    */

    package tolls.tools;

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import net.codezilla.trinity.service.LoginBean;


    /**
    *
    * @author Jonathan Buckland
    * JSC Forums
    * http://swforum.sun.com/jive/thread.jspa?messageID=185654
    */
    public class UserSecurityCheckFilter implements Filter {

    private FilterConfig config = null;
    private final static String FILTER_APPLIED =
    "_security_filter_applied";
    public UserSecurityCheckFilter() { //called once. no method
    arguments allowed here!
    }

    public void init(FilterConfig conf) throws ServletException {

    }

    public void destroy() {
    }

    /** Creates a new instance of SecurityCheckFilter */
    public void doFilter(ServletRequest request, ServletResponse
    response, FilterChain chain)
    throws IOException, ServletException {

    HttpServletRequest hreq = (HttpServletRequest)request;
    HttpServletResponse hres = (HttpServletResponse)response;
    HttpSession session = hreq.getSession();

    String checkforloginpage = hreq.getPathTranslated();

    //System.out.println("ctext path " + hreq.getContextPath());
    //System.out.println("uri " + hreq.getRequestURI());
    //System.out.println("url " + hreq.getRequestURL());
    //System.out.println("srv path " + hreq.getServletPath());
    //dont filter login.jsp because otherwise an endless loop.
    //& only filter .jsp otherwise it will filter all images etc as
    well.
    if ((request.getAttribute(FILTER_APPLIED) ==
    null)) //&&(checkforloginpage.endsWith(".jsp")))
    {
    request.setAttribute(FILTER_APPLIED, Boolean.TRUE);

    // if all else fails, goto main page
    String loginPage="/MateoWeb/MainPage.faces";
    boolean loginStatus=false;
    //If the session bean is not null get the login status
    LoginBean lbean =
    (LoginBean)session.getAttribute("loginbean");

    // if you can find session, check logins
    if(lbean!=null) {
    //System.out.println("Checking user login");
    loginStatus=(lbean.isUserLoginStatus());
    }
    // System.out.println("Login status " + loginStatus);
    // if loginStatus is false for any of these filtered pages,
    goto relevant loginform
    if(!loginStatus) {
    // System.out.println("Redirecting to main page " +
    loginPage);
    hres.sendRedirect(loginPage);
    return;
    }
    }
    //deliver request to next filter
    chain.doFilter(request, response);
    }
    }
    On Wed, 2005-05-11 at 09:30 +0200, hermod.opstvedt@dnbnor.no wrote:
    Hi

    Sorry for not answering this before - Been out sailing for some days.

    SecurityFilter is SF project. I have been using it in a couple of Struts
    applications, and have now incorporated it into the MyFaces version of
    one of them that I am currently migrating.

    Hermod
  • 101questionjsf at Apr 7, 2006 at 7:47 am
    hi,

    I changed the filter pattern in web.xml from /user/* to /*.jsf, then it goes
    into infinite loop, keep calling login.jsf.
    I tried checking the uri with endWith login.jsf and login.jsp, then stop
    looping, but images and css files cannot come thru.

    Anyone has a filter to spare?

    <filter-mapping>
    <filter-name>UserSecurity</filter-name>
    <url-pattern>/*.jsf</url-pattern>
    </filter-mapping>

    Anyone can help?




    Patrick Haggood wrote:
    Here's a security filter I adapted from a sample on the Java Studio
    Creator forum:

    First the web.xml part:
    <filter>
    <filter-name>UserSecurity</filter-name>
    <filter-class>tolls.tools.UserSecurityCheckFilter</filter-class>
    </filter>



    <filter-mapping>
    <filter-name>UserSecurity</filter-name>
    <url-pattern>/user/*</url-pattern>
    </filter-mapping>

    Now the filter:

    /*
    * UserSecurityCheckFilter.java
    *
    * Created on 30 December 2004, 23:36
    */

    package tolls.tools;

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import net.codezilla.trinity.service.LoginBean;


    /**
    *
    * @author Jonathan Buckland
    * JSC Forums
    * http://swforum.sun.com/jive/thread.jspa?messageID=185654
    */
    public class UserSecurityCheckFilter implements Filter {

    private FilterConfig config = null;
    private final static String FILTER_APPLIED =
    "_security_filter_applied";
    public UserSecurityCheckFilter() { //called once. no method
    arguments allowed here!
    }

    public void init(FilterConfig conf) throws ServletException {

    }

    public void destroy() {
    }

    /** Creates a new instance of SecurityCheckFilter */
    public void doFilter(ServletRequest request, ServletResponse
    response, FilterChain chain)
    throws IOException, ServletException {

    HttpServletRequest hreq = (HttpServletRequest)request;
    HttpServletResponse hres = (HttpServletResponse)response;
    HttpSession session = hreq.getSession();

    String checkforloginpage = hreq.getPathTranslated();

    //System.out.println("ctext path " + hreq.getContextPath());
    //System.out.println("uri " + hreq.getRequestURI());
    //System.out.println("url " + hreq.getRequestURL());
    //System.out.println("srv path " + hreq.getServletPath());
    //dont filter login.jsp because otherwise an endless loop.
    //& only filter .jsp otherwise it will filter all images etc as
    well.
    if ((request.getAttribute(FILTER_APPLIED) ==
    null)) //&&(checkforloginpage.endsWith(".jsp")))
    {
    request.setAttribute(FILTER_APPLIED, Boolean.TRUE);

    // if all else fails, goto main page
    String loginPage="/MateoWeb/MainPage.faces";
    boolean loginStatus=false;
    //If the session bean is not null get the login status
    LoginBean lbean =
    (LoginBean)session.getAttribute("loginbean");

    // if you can find session, check logins
    if(lbean!=null) {
    //System.out.println("Checking user login");
    loginStatus=(lbean.isUserLoginStatus());
    }
    // System.out.println("Login status " + loginStatus);
    // if loginStatus is false for any of these filtered pages,
    goto relevant loginform
    if(!loginStatus) {
    // System.out.println("Redirecting to main page " +
    loginPage);
    hres.sendRedirect(loginPage);
    return;
    }
    }
    //deliver request to next filter
    chain.doFilter(request, response);
    }
    }
    On Wed, 2005-05-11 at 09:30 +0200, hermod.opstvedt@dnbnor.no wrote:
    Hi

    Sorry for not answering this before - Been out sailing for some days.

    SecurityFilter is SF project. I have been using it in a couple of Struts
    applications, and have now incorporated it into the MyFaces version of
    one of them that I am currently migrating.

    Hermod



    --
    View this message in context: http://www.nabble.com/RE%3A-Servlet-Filter--t8978.html#a3799147
    Sent from the MyFaces - Users forum at Nabble.com.
  • Quintin Kerby at Apr 7, 2006 at 8:09 am
    Here's mine:

    <context-param>
    <description>Pages that are exempt from the authFilter.</description>
    <param-name>mil.dla.daps.web.FILTER_EXEMPTIONS</param-name>

    <param-value>/logon.jsf,/registration.jsf,/passwordRecovery.jsf,/userIdRecovery.jsf</param-value>
    </context-param>
    <filter>
    <description>Filters all incoming requests for an existing session. If
    requested file is not in the list FILTER_EXEMPTIONS,
    the request is forwarded to the logon.jsf</description>
    <display-name>authFilter</display-name>
    <filter-name>authFilter</filter-name>
    <filter-class>#######AuthorizationFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>authFilter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    package #####;

    import java.io.IOException;
    import java.util.*;

    import javax.servlet.*;
    import javax.servlet.http.*;

    import ######.Visit;

    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;

    /**
    * Filters every request to verify that the user is logged in. If the
    user has not logged in and tries requests
    * a page that is not exempt from the filter, the server redirects to the
    login page.
    * <br><br>Exempt pages are listed as a comma-delimted context parameter
    in the web.xml under the key <b>FILTER_EXEMPTIONS</b>.
    * @author qkerby
    *
    */
    public class AuthorizationFilter implements Filter {
    protected final Log log = LogFactory.getLog(this.getClass());
    private FilterConfig config = null;
    private ServletContext context = null;
    private static Map exemptions = null;
    private static int contextPathLength = 0;

    /* (non-Javadoc)
    * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
    */
    public void init(FilterConfig filterConfig) throws
    ServletException {
    config = filterConfig;
    context = config.getServletContext();
    StringTokenizer tok = new
    StringTokenizer(context.getInitParameter("FILTER_EXEMPTIONS"),",");
    exemptions = new HashMap();
    while(tok.hasMoreTokens()){
    String exempt = (String) tok.nextElement();
    if(log.isInfoEnabled()){
    log.info("Exempt from authFilter:
    "+exempt);
    }
    exemptions.put(exempt,null);
    }
    }

    /* (non-Javadoc)
    * @see
    javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
    javax.servlet.ServletResponse, javax.servlet.FilterChain)
    */
    public void doFilter(ServletRequest req, ServletResponse res,
    FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest)req;
    HttpServletResponse response = (HttpServletResponse)res;
    HttpSession session = request.getSession();

    Visit visit =
    (Visit)session.getAttribute(Constants.VISIT_KEY);
    if(log.isDebugEnabled()){
    log.debug(request.getRequestURI());
    }
    if(contextPathLength == 0){
    contextPathLength =
    request.getContextPath().length();
    }

    if(!exemptions.containsKey(request.getRequestURI().substring(contextPathLength))
    && visit == null){
    response.sendRedirect(request.getContextPath()+Constants.LOGIN_VIEW);
    }
    else{
    chain.doFilter(req, res);
    }
    }

    /* (non-Javadoc)
    * @see javax.servlet.Filter#destroy()
    */
    public void destroy() {
    exemptions.clear();
    }

    }

    Quintin Kerby
    CACI, Inc.



    101questionjsf <innovest_11@yahoo.com>
    04/07/2006 03:46
    Please respond to
    "MyFaces Discussion" <users@myfaces.apache.org>


    To
    users@myfaces.apache.org
    cc

    Subject
    RE: Servlet Filter? I'm stuck







    hi,

    I changed the filter pattern in web.xml from /user/* to /*.jsf, then it
    goes
    into infinite loop, keep calling login.jsf.
    I tried checking the uri with endWith login.jsf and login.jsp, then stop
    looping, but images and css files cannot come thru.

    Anyone has a filter to spare?

    <filter-mapping>
    <filter-name>UserSecurity</filter-name>
    <url-pattern>/*.jsf</url-pattern>
    </filter-mapping>

    Anyone can help?




    Patrick Haggood wrote:
    Here's a security filter I adapted from a sample on the Java Studio
    Creator forum:

    First the web.xml part:
    <filter>
    <filter-name>UserSecurity</filter-name>
    <filter-class>tolls.tools.UserSecurityCheckFilter</filter-class>
    </filter>



    <filter-mapping>
    <filter-name>UserSecurity</filter-name>
    <url-pattern>/user/*</url-pattern>
    </filter-mapping>

    Now the filter:

    /*
    * UserSecurityCheckFilter.java
    *
    * Created on 30 December 2004, 23:36
    */

    package tolls.tools;

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import net.codezilla.trinity.service.LoginBean;


    /**
    *
    * @author Jonathan Buckland
    * JSC Forums
    * http://swforum.sun.com/jive/thread.jspa?messageID=185654
    */
    public class UserSecurityCheckFilter implements Filter {

    private FilterConfig config = null;
    private final static String FILTER_APPLIED =
    "_security_filter_applied";
    public UserSecurityCheckFilter() { //called once. no method
    arguments allowed here!
    }

    public void init(FilterConfig conf) throws ServletException {

    }

    public void destroy() {
    }

    /** Creates a new instance of SecurityCheckFilter */
    public void doFilter(ServletRequest request, ServletResponse
    response, FilterChain chain)
    throws IOException, ServletException {

    HttpServletRequest hreq = (HttpServletRequest)request;
    HttpServletResponse hres = (HttpServletResponse)response;
    HttpSession session = hreq.getSession();

    String checkforloginpage = hreq.getPathTranslated();

    //System.out.println("ctext path " + hreq.getContextPath());
    //System.out.println("uri " + hreq.getRequestURI());
    //System.out.println("url " + hreq.getRequestURL());
    //System.out.println("srv path " + hreq.getServletPath());
    //dont filter login.jsp because otherwise an endless loop.
    //& only filter .jsp otherwise it will filter all images etc as
    well.
    if ((request.getAttribute(FILTER_APPLIED) ==
    null)) //&&(checkforloginpage.endsWith(".jsp")))
    {
    request.setAttribute(FILTER_APPLIED, Boolean.TRUE);

    // if all else fails, goto main page
    String loginPage="/MateoWeb/MainPage.faces";
    boolean loginStatus=false;
    //If the session bean is not null get the login status
    LoginBean lbean =
    (LoginBean)session.getAttribute("loginbean");

    // if you can find session, check logins
    if(lbean!=null) {
    //System.out.println("Checking user login");
    loginStatus=(lbean.isUserLoginStatus());
    }
    // System.out.println("Login status " + loginStatus);
    // if loginStatus is false for any of these filtered pages,
    goto relevant loginform
    if(!loginStatus) {
    // System.out.println("Redirecting to main page " +
    loginPage);
    hres.sendRedirect(loginPage);
    return;
    }
    }
    //deliver request to next filter
    chain.doFilter(request, response);
    }
    }
    On Wed, 2005-05-11 at 09:30 +0200, hermod.opstvedt@dnbnor.no wrote:
    Hi

    Sorry for not answering this before - Been out sailing for some days.

    SecurityFilter is SF project. I have been using it in a couple of
    Struts
    applications, and have now incorporated it into the MyFaces version of
    one of them that I am currently migrating.

    Hermod



    --
    View this message in context:
    http://www.nabble.com/RE%3A-Servlet-Filter--t8978.html#a3799147
    Sent from the MyFaces - Users forum at Nabble.com.
  • 101questionjsf at Apr 7, 2006 at 9:10 am
    hi,

    Thanks for your help.

    I have tried, but weird thing is that the css file and images files cannot
    be seen on the login page...

    The filter take out these css and images?


    --
    View this message in context: http://www.nabble.com/RE%3A-Servlet-Filter--t8978.html#a3800292
    Sent from the MyFaces - Users forum at Nabble.com.
  • Alexandre Poitras at Apr 7, 2006 at 12:37 pm
    /* filter every resources including css and images.

    By the way, /*.jsf couldn't not work since your were redirecting to a
    login.jsf page. This is why the infinite loop was always happening.
    Your login page shouldn't be a jsf page in this case.
    On 4/7/06, 101questionjsf wrote:

    hi,

    Thanks for your help.

    I have tried, but weird thing is that the css file and images files cannot
    be seen on the login page...

    The filter take out these css and images?


    --
    View this message in context: http://www.nabble.com/RE%3A-Servlet-Filter--t8978.html#a3800292
    Sent from the MyFaces - Users forum at Nabble.com.

    --
    Alexandre Poitras
    Québec, Canada

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupusers @
categoriesmyfaces
postedMay 4, '05 at 11:44a
activeApr 7, '06 at 12:37p
posts23
users10
websitemyfaces.apache.org

People

Translate

site design / logo © 2019 Grokbase