
    J2EE User Authentication using servlet filters

    Filters can be used to transform the response from a servlet or a JSP page and can perform many functions, as follows:

    User authentication - Blocking requests based on user identity.
    Logging and auditing - Tracking users and the actions performed.
    Image conversion - Scaling, squeezing, etc.
    Data compression - For making the download easier.
    Localization - Targeting the request and response to a particular locale.

    A filter is a Java class which implements the javax.servlet.Filter interface. The javax.servlet.Filter interface defines three methods, as given below.

    • public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain): This method is called each time a request/response pair is passed.
    • public void init(FilterConfig filterConfig): The init() method is used to initialize the filter, and it is invoked only once.
    • public void destroy(): This method is called to indicate that a filter is being taken out of service.

    The example given below describes the filter implementation for user authentication:


    package com.servlet.filter;

    import java.io.IOException;
    import java.util.ArrayList;
    import java.util.StringTokenizer;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    // Implements the Filter interface
    public class UserAuthFilter implements Filter {

        // URL prefixes that are excluded from the authentication check
        private ArrayList<String> urlList;

        public void destroy() {
        }

        public void doFilter(ServletRequest req, ServletResponse res,
                FilterChain chain) throws IOException, ServletException {

            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            String url = request.getServletPath();
            boolean allowedRequest = false;
            String strURL = "";

            // To check if the url can be excluded or not
            for (int i = 0; i < urlList.size(); i++) {
                strURL = urlList.get(i);
                if (url.startsWith(strURL)) {
                    allowedRequest = true;
                }
            }

            if (!allowedRequest) {
                HttpSession session = request.getSession(false);
                if (session == null
                        || session.getAttribute("session_uname") == null) {
                    // Forward the control to login.jsp if authentication fails
                    // (path assumed to be at the web application root)
                    request.getRequestDispatcher("/login.jsp").forward(request, response);
                    // Stop here so the protected resource is never invoked
                    return;
                }
            }

            chain.doFilter(req, res);
        }

        public void init(FilterConfig config) throws ServletException {
            // Read the URLs to be avoided for authentication check (From web.xml)
            String urls = config.getInitParameter("avoid-urls");
            urlList = new ArrayList<String>();
            // A missing init-param leaves the list empty, so every URL is checked
            if (urls != null) {
                StringTokenizer token = new StringTokenizer(urls, ",");
                while (token.hasMoreTokens()) {
                    urlList.add(token.nextToken());
                }
            }
        }
    }


    <filter-class>com.servlet.filter.UserAuthFilter</filter-class>
    Last edited by vinyl-junkie; 01-26-2013 at 01:48 PM. Reason: Self-promotion link removed
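
Added example, not part of the original post: the filter's exclusion check uses `startsWith`, so an `avoid-urls` entry of `/login.jsp` also exempts `/login.jspx`, and `/public` also exempts `/publicadmin/...`. The sketch below matches entries exactly unless they end in `/*`; the class name `AvoidUrlMatcher`, the `/*` convention and the sample values are assumptions made for this illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: boundary-aware matching for the filter's "avoid-urls" list.
public class AvoidUrlMatcher {

    private final List<String> exact = new ArrayList<>();
    private final List<String> dirPrefixes = new ArrayList<>();

    // Entries ending in "/*" exempt a whole directory; all others must match
    // exactly. The "/*" convention is an assumption of this example.
    public AvoidUrlMatcher(String initParam) {
        if (initParam == null) {
            return; // missing init-param: nothing is exempt
        }
        for (String raw : initParam.split(",")) {
            String entry = raw.trim();
            if (entry.isEmpty()) {
                continue; // skip blanks left by stray commas or spaces
            }
            if (entry.endsWith("/*")) {
                // "/public/*" is stored as "/public/" so the match ends on a path boundary
                dirPrefixes.add(entry.substring(0, entry.length() - 1));
            } else {
                exact.add(entry);
            }
        }
    }

    // Returns true only when the servlet path may skip the session check.
    public boolean isExempt(String servletPath) {
        if (servletPath == null) {
            return false;
        }
        if (exact.contains(servletPath)) {
            return true;
        }
        for (String prefix : dirPrefixes) {
            if (servletPath.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample value for the avoid-urls init-param
        AvoidUrlMatcher m = new AvoidUrlMatcher("/login.jsp, /public/*, ,");
        String[] paths = {"/login.jsp", "/login.jspx", "/public/logo.png",
                          "/publicadmin/users.jsp", "/account.jsp"};
        for (String p : paths) {
            System.out.println(p + " -> " + (m.isExempt(p) ? "exempt" : "session required"));
        }
    }
}
```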

