LoginFilter & j_security_check
Hi,
I'm tryting to use a pre login filter for the j_security_check
I want to perform an action before the j_security_check is submitted, and I thought that this is the place to do it.
When I undeploy my jar I get to the destroy method, when I redploy it I get to the init method, and right after submitting the action (pressing the OK button in the login page) I want to get to the doFilter method - but I don't.
My LoginFilter code is:
publicclass LoginFilterimplements Filter
{
protected FilterConfig filterConfig =null;
/**
* init() : init() method called when the filter is instantiated. This
* filter is instantiated first time j_security_check is invoked for the
* application (when a protected servlet in the application is accessed).
*/
publicvoid init(FilterConfig filterConfig)throws ServletException
{
this.filterConfig = filterConfig;
filterConfig.getServletContext().log(":: PostLoginFilter - init");
}
/**
* destroy() : destroy() method called when the filter is taken out of
* service.
*/
publicvoid destroy()
{
filterConfig.getServletContext().log(":: PostLoginFilter - destroy");
this.filterConfig =null;
}
/**
* doFilter() : doFilter() method called before the servlet that this filter
* is mapped is invoked. Since this filter is mapped to j_security_check,
* this method is called before j_security_check action is posted.
*/
publicvoid doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)throws java.io.IOException, ServletException
{
filterConfig.getServletContext().log(":: preLoginFilter - doFilter");
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
// pre login action
// get username
String username = req.getParameter("j_username");
String password = req.getParameter("j_password");
filterConfig.getServletContext().log(":: username - " + username +
" ; password - " + password);
chain.doFilter(request, response);
filterConfig.getServletContext().log(":: postLoginFilter - doFilter");
// post login action
}
}
In the web.xml I defined:
<filter id="Filter_1">
<filter-name>LoginFilter</filter-name>
<display-name>LoginFilter</display-name>
<filter-class>com.imagine.em.common.filters.LoginFilter</filter-class>
<description>Performs pre-login and post-login operation</description>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/j_security_check</url-pattern>
</filter-mapping>
<security-constraint>
<display-name>require valid user</display-name>
<web-resource-collection>
<web-resource-name>EM application</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.htm</url-pattern>
<url-pattern>*.html</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
<role-name>Regular</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>EM Application</realm-name>
<form-login-config>
<form-login-page>/faces/html/common/login.jsp</form-login-page>
<form-error-page>/faces/html/common/login.jsp?failed=true</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>Regular</role-name>
</security-role>
Why don't I get to the doFilter method? I want it to be a pre login action.
Thanks a lot,
Efrat
