
    J2EE User Authentication using servlet filters

    Filters can be used to transform the response from a servlet or a JSP page, and can perform many functions, such as the following:

    User authentication - Blocking requests based on user identity.
    Logging and auditing - Tracking users and the actions performed.
    Image conversion - Scaling, squeezing, etc.
    Data compression - Making downloads easier.
    Localization - Targeting the request and response to a particular locale.

    A filter is a Java class which implements the javax.servlet.Filter interface. The javax.servlet.Filter interface defines three methods, as given below.


    • public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) - This method is called each time a request/response pair is passed.
    • public void init(FilterConfig filterConfig) - The init() method is used to initialize the filter and is invoked only once.
    • public void destroy() - This method is called to indicate that a filter is being taken out of service.



    The example given below describes the filter implementation for user authentication.

    UserAuthFilter.java


    package com.servlet.filter;

    import java.io.IOException;
    import java.util.ArrayList;
    import java.util.List;
    import java.util.StringTokenizer;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    // Implements the Filter interface
    public class UserAuthFilter implements Filter {

        // Paths that skip the authentication check (read from web.xml)
        private List<String> urlList;

        public void destroy() {
        }

        public void doFilter(ServletRequest req, ServletResponse res,
                FilterChain chain) throws IOException, ServletException {

            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            String url = request.getServletPath();
            boolean allowedRequest = false;

            // Check whether the URL is excluded from the authentication check.
            // This is a prefix match, so keep the avoid-urls entries specific.
            for (String strURL : urlList) {
                if (url.startsWith(strURL)) {
                    allowedRequest = true;
                    break;
                }
            }

            if (!allowedRequest) {
                HttpSession session = request.getSession(false);
                if (session == null
                        || session.getAttribute("session_uname") == null) {
                    // Forward the control to login.jsp if authentication fails,
                    // then stop so the protected resource is never invoked
                    request.getRequestDispatcher("/login.jsp").forward(request,
                            response);
                    return;
                }
            }
            chain.doFilter(req, res);
        }

        public void init(FilterConfig config) throws ServletException {
            // Read the URLs to be excluded from the authentication check (from web.xml)
            String urls = config.getInitParameter("avoid-urls");
            urlList = new ArrayList<String>();
            if (urls == null) {
                return; // no exclusions configured: every request is checked
            }
            StringTokenizer token = new StringTokenizer(urls, ",");
            while (token.hasMoreTokens()) {
                String entry = token.nextToken().trim();
                // An empty entry would prefix-match every path, so skip it
                if (!entry.isEmpty()) {
                    urlList.add(entry);
                }
            }
        }
    }

    web.xml


    ...
    ...
    <filter>
        <filter-name>UserAuthFilter</filter-name>
        <filter-class>com.servlet.filter.UserAuthFilter</filter-class>
        <init-param>
            <param-name>avoid-urls</param-name>
            <param-value>/login.jsp,/static.jsp</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>UserAuthFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    ...
    ...
    Last edited by vinyl-junkie; 01-26-2013 at 01:48 PM. Reason: Self-promotion link removed
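
Added example, not part of the original post: the filter above exempts any servlet path that starts with an avoid-urls entry, so an entry of /login.jsp also exempts a path such as /login.jsp.bak. The class below parses the same init-param but matches entries exactly unless they end in "/"; the class name AvoidUrlMatcher, the /css/ entry and the sample paths are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not the post's code: stricter matching for "avoid-urls".
public class AvoidUrlMatcher {
    private final List<String> exact = new ArrayList<>();
    private final List<String> dirPrefixes = new ArrayList<>();

    // Entries ending in "/" are directory prefixes; all others must match exactly.
    public AvoidUrlMatcher(String initParam) {
        if (initParam == null) return;           // nothing exempt
        for (String raw : initParam.split(",")) {
            String entry = raw.trim();
            // "", "/" and relative entries would exempt far too much: skip them
            if (entry.length() < 2 || entry.charAt(0) != '/') continue;
            if (entry.endsWith("/")) dirPrefixes.add(entry);
            else exact.add(entry);
        }
    }

    public boolean isExcluded(String servletPath) {
        if (servletPath == null || servletPath.contains("..")) return false;
        if (exact.contains(servletPath)) return true;
        for (String prefix : dirPrefixes) {
            if (servletPath.startsWith(prefix)) return true;
        }
        return false;
    }

    // The rule used in the post's filter: plain prefix match on every entry.
    static boolean postRule(String servletPath, String initParam) {
        for (String entry : initParam.split(",")) {
            if (servletPath.startsWith(entry.trim())) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        String param = "/login.jsp, /static.jsp, /css/";   // constructed sample value
        AvoidUrlMatcher strict = new AvoidUrlMatcher(param);
        String[] paths = { "/login.jsp", "/login.jsp.bak", "/static.jspx",
                           "/css/site.css", "/account.jsp" };  // constructed paths
        for (String p : paths) {
            System.out.printf("%-16s prefix=%-5b strict=%b%n",
                    p, postRule(p, param), strict.isExcluded(p));
        }
    }
}
```

In the filter, isExcluded(request.getServletPath()) would take the place of the startsWith loop; paths that are not exempt still go through the session check.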


 
