Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Enterprise & Remote Computing >> Web Tier APIs

[Servlet Filter] Access Secure with Servlet Filter

I try to make a Servlet Filter to protect the pages access of my web site, and when an user atempt to visit an unauthorized page, the program "buckles" on the filter and not send the error page

The code of the Servllet Filter :

publicvoid doFilter(ServletRequest req, ServletResponse res,

FilterChain chain)throws IOException, ServletException{

System.out.println("Youhou");

HttpSession session =null;

try{

/*On verifie que l'user est authentifi?(presence de son objet en Session)*/

session = haveSession((HttpServletRequest) req);

/*On recup鑢e l'URI demand?/

String URI = ((HttpServletRequest)req).getRequestURI();

//On teste si la variable personne qui doit 阾re ds la session est un User ou un Admin

if(session.getAttribute("personne")instanceof User){

isUserPage(URI);

}

elseif (session.getAttribute("personne")instanceof Admin){

isAdminPage(URI);

}

chain.doFilter(req,res);

}

catch (IllegalArgumentException e)

{

envoiErreur.sendLoginError((HttpServletRequest)req,(HttpServletResponse)res,EnvoiErreur.SESSION_ERROR);

}

catch (IdentificationException e)

{

envoiErreur.sendError((HttpServletRequest)req,(HttpServletResponse)res,EnvoiErreur.RESTRICT_ERROR,null);

}

}

privatevoid isUserPage(String uri){

boolean isAuthorized =false;

for(int i=0;i<restrictedUserPages.length;i++){

if (uri.equals(BASE_URI + USER_REP + restrictedUserPages[i]))

isAuthorized =true;

}

if (!isAuthorized)

thrownew IllegalArgumentException();

}

privatevoid isAdminPage(String uri){

boolean isAuthorized =false;

System.out.println(uri);

for(int i=0;i<restrictedAdminPages.length;i++){

System.out.println(BASE_URI + USER_REP + restrictedAdminPages[i]);

if (uri.equals(BASE_URI + USER_REP + restrictedAdminPages[i]))

isAuthorized =true;

}

if (!isAuthorized)

thrownew IllegalArgumentException();

}

private HttpSession haveSession(HttpServletRequest req)throws IdentificationException{

HttpSession session = req.getSession(false);

if (session ==null || session.getAttribute("personne") ==null)

thrownew IdentificationException();

return session;

}

and the sendError method :

void sendError(HttpServletRequest req, HttpServletResponse res, String errorType, String optionnalText)throws IOException{

HttpSession s = req.getSession(true);

s.setAttribute("errorMessage",errorType);

s.setAttribute("option",optionnalText);

res.sendRedirect(res.encodeRedirectURL("./pages/error.jsp"));

}

I never see the error page on my navigator.

HAve you got an idea of the problem ?>

[5298 byte] By [Kaillea] at [2007-10-2 23:58:28]
«« SMS port number
»» Clipping a image
# 1

You can not directly modify the response object being returned to the browser.

Check the Sun J2EE tutorial on how to create a response object wrapper to access the response servlet output stream.

Also there is an example here:

http://forum.java.sun.com/thread.jspa?forumID=45&threadID=678756

tolmanka at 2007-7-14 16:45:31 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
# 2
I've read the sun tutorial and the topic, but I don't really understand how to apply it in my case.Can everyone help me to make a ResponseWrapper to send the error page in the authentication fail case ?
Kaillea at 2007-7-14 16:45:31 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
# 3
Up, How make a ResponseWrapper that return the error page ....
Kaillea at 2007-7-14 16:45:31 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
Enterprise & Remote Computing
Web Tier APIs

Enterprise & Remote Computing New Topic

Enterprise & Remote Computing Hot Topic

Enterprise & Remote Computing

All Classified