Using servletRequest and servletResponse to redirect
Hi,
In researching ways to prevent direct access to pages in a jsf application, I came across a filter made by oracle. It seems to be a good filter so I decided to use it. It checks to see if the request is GET because, with the exception of redirect, JSF navigation is all POST and a GET request would indicate a user trying to access the page. So after it checks to see if its a GET request, I have to do something using the references to the servletRequest and servletResponse objects to somehow either clear the information that is to be displayed and enter my own or redirect the page to the login which is exempt from the filter. I have never used the servlet objects so I am sorry if this is a really easy question but any help I can get is much appreciated. On a side note, I am able to display a message using servletResponse.getOutputStream(); and editing it but this just displays the message above the content of the page I am trying to prevent navigation to.
Thanks all
[1001 byte] By [
jco1323a] at [2007-11-27 9:09:10]
# 2
Thanks thats exactly what I did. However, I am now having issues with the sendRedirect method. For some of my pages when I try to access them directly it works fine. However, when I try to access other ones, I get:
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException
javax.faces.webapp.FacesServlet.service(FacesServlet.java:156)
wally.ApplicationAccessFilter.doFilter(ApplicationAccessFilter.java:47)
org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:144)
root cause
java.lang.IllegalStateException
org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:405)
javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:108)
com.sun.facelets.FaceletViewHandler.handleFaceletNotFound(FaceletViewHandler.java:695)
com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:644)
org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:384)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:138)
wally.ApplicationAccessFilter.doFilter(ApplicationAccessFilter.java:47)
org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:144)
Does anyone know why this would happen only for some pages. After further testing, I also found out that this is the error I get if I try to access a page in where my pages are stored that doesnt exist. For example, MyApp/pages/existingpage.faces and MyApp/pages/doesntexist.faces both give the same error whereas MyApp/pages/otherexistingpage.faces correctly redirects me to the login screen.
Thanks in advance
# 4
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (((HttpServletRequest)request).getMethod().equalsIgnoreCase("GET") &&
!isAllowedPage(request)){
HttpServletResponse res = (HttpServletResponse)response;
res.sendRedirect("./login.faces");
_filterConfig.getServletContext().log("User "+((HttpServletRequest)request).getRemoteUser() +" doesn't play by the rules !");
}
chain.doFilter(request, response);
}
In the method, the call to isAllowedPage runs a method that determines if the page can be directly accessed but that part runs fine because I used when I was debugging it entered the if statement when it was supposed to. I am getting the error on pages that I am trying to prevent access to. The only page that allows direct access is login.faces. The problem is some of the pages are redirecting correctly and some of them are giving me the exception and I don't know why.
