Skip to Main Content

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

LoginFilter & j_security_check

843811Jul 10 2006 — edited Jul 11 2006
Hi,

I'm tryting to use a pre login filter for the j_security_check
I want to perform an action before the j_security_check is submitted, and I thought that this is the place to do it.

When I undeploy my jar I get to the destroy method, when I redploy it I get to the init method, and right after submitting the action (pressing the OK button in the login page) I want to get to the doFilter method - but I don't.

My LoginFilter code is:
public class LoginFilter implements Filter
{
	protected FilterConfig filterConfig = null;

	/**
	 * init() : init() method called when the filter is instantiated. This
	 * filter is instantiated first time j_security_check is invoked for the
	 * application (when a protected servlet in the application is accessed).
	 */
	public void init(FilterConfig filterConfig) throws ServletException
	{
		this.filterConfig = filterConfig;
		filterConfig.getServletContext().log(":: PostLoginFilter - init");
	}

	/**
	 * destroy() : destroy() method called when the filter is taken out of
	 * service.
	 */
	public void destroy()
	{
		filterConfig.getServletContext().log(":: PostLoginFilter - destroy");
		this.filterConfig = null;
	}

	/**
	 * doFilter() : doFilter() method called before the servlet that this filter
	 * is mapped is invoked. Since this filter is mapped to j_security_check,
	 * this method is called before j_security_check action is posted.
	 */
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws java.io.IOException, ServletException
	{
		filterConfig.getServletContext().log(":: preLoginFilter - doFilter");

		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse res = (HttpServletResponse) response;

		// pre login action

		// get username
		String username = req.getParameter("j_username");
		String password = req.getParameter("j_password");
		filterConfig.getServletContext().log(":: username - " + username + 
				" ; password - " + password);
		
		chain.doFilter(request, response);
		filterConfig.getServletContext().log(":: postLoginFilter - doFilter");
		// post login action
	}
}
In the web.xml I defined:
<filter id="Filter_1">
    <filter-name>LoginFilter</filter-name>
    <display-name>LoginFilter</display-name>
    <filter-class>com.imagine.em.common.filters.LoginFilter</filter-class>
    <description>Performs pre-login and post-login operation</description>
</filter>

<filter-mapping>
     <filter-name>LoginFilter</filter-name>
     <url-pattern>/j_security_check</url-pattern>
</filter-mapping>

<security-constraint>
    <display-name>require valid user</display-name>
    <web-resource-collection>
      <web-resource-name>EM application</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.htm</url-pattern>
      <url-pattern>*.html</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
      <role-name>Regular</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>EM Application</realm-name>
    <form-login-config>
      <form-login-page>/faces/html/common/login.jsp</form-login-page>
      <form-error-page>/faces/html/common/login.jsp?failed=true</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>Admin</role-name>
</security-role>  	
<security-role>
    <role-name>Regular</role-name>
</security-role>
Why don't I get to the doFilter method? I want it to be a pre login action.

Thanks a lot,
Efrat
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Aug 8 2006
Added on Jul 10 2006
1 comment
881 views