Hi all,
I'm developing a little web application where a user has to login to access the site otherwise he is redirected to the login page.
I implemented this behavior putting a Servlet Filter with the code below.
If I test my application on Firefox everything works fine.
On Internet Explorer I found this :
1) try to access directly a page beyond login -> redirected to login page (OK)
2) login (OK)
3) logout (OK)
4) try to access directly a page beyond login -> accessed (fail)
What is getting me crazy is that if I run my application from Firefox the point (4) redirect me to login page as expected.
Any hint would be appreciated.
Flavio
package util;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SecurityFilter implements Filter {
private FilterConfig _filterConfig = null;
public void init(FilterConfig filterConfig) throws ServletException {
_filterConfig = filterConfig;
}
public void destroy() {
_filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
Object validuser = null;
String requestURI = req.getRequestURI();
if (requestURI.toLowerCase().endsWith("login.jsp")) {
chain.doFilter(request, response);
return;
}
HttpSession session = req.getSession(true);
//If authorization key not in session, redirect to login page.
validuser = session.getAttribute("user");
if (validuser != null) {
//If the user is allowed access to the URI, let the flow proceed as normal
if (validuser instanceof entities.Utenti) {
chain.doFilter(request, response);
return;
}
}
//User not allowed access - redirect to login page
res.sendRedirect(req.getContextPath() + "/faces/login.jsp");
return;
}
}
package backing;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpSession;
public class FunctionBar {
public String home() {
return "home";
}
public String logout() {
util.JSFUtil.storeOnSession(FacesContext.getCurrentInstance(), "user", null);
ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
HttpSession session = (HttpSession) ectx.getSession(false);
session.invalidate();
return "logout";
}
public String anagr() {
return "anagrafiche";
}
}
package util;
import java.util.Map;
import javax.faces.context.FacesContext;
import javax.faces.el.ValueBinding;
public class JSFUtil {
public static ValueBinding getValueBinding(String expression) {
FacesContext context = FacesContext.getCurrentInstance();
return context.getApplication().createValueBinding(expression);
}
public static String getValueBindingString(String expression) {
FacesContext context = FacesContext.getCurrentInstance();
ValueBinding currentBinding = context.getApplication().createValueBinding(expression);
return (String) currentBinding.getValue(context);
}
public static Object getManagedObject(String objectName) {
FacesContext context = FacesContext.getCurrentInstance();
Object requestedObject = context.getApplication().getVariableResolver().resolveVariable(context, objectName);
return requestedObject;
}
public static void storeOnSession(FacesContext ctx, String key, Object object) {
Map sessionState = ctx.getExternalContext().getSessionMap();
sessionState.put(key, object);
}
}