Boa tarde, pessoal como é criar um filtro para quando o usuário acessar uma página ele deve cai neste filtro para digitar uma senha ? é normal o uso do Filter de Servlet ??? mesmo utilizando JSF ou Struts…
vocês utilizam este filter mesmo ?
[]'s
Eu utilizo o Filter para gerar logs de acesso antes mesmo da entrada de login…o filter é a primeira função a ser chamada na aplicação…
Voce deve fazer assim:
no seu web.xml:
<filter>
<filter-name>LogFilter</filter-name>
<filter-class>br.com.algumacoisa.LogFilter</filter-class>
<init-param>
<param-name>logfileAcess</param-name>
<param-value>/LOG/registro.log</param-value>
</init-param>
</filter>
tambem no web.xml:
<filter-mapping>
<filter-name>LogFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
O filtro esta em cima de todas as jsp acessadas…
Segue a classe:
public class LogFilter extends HttpServlet implements Filter {
public void init(FilterConfig filterConfig) {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) {
try {
HttpServletRequest req = (HttpServletRequest)request;
HttpSession ses = (HttpSession)req.getSession(true);
filterChain.doFilter(request, response);
}
catch(ServletException sx) {
Debug.log(sx.getMessage(),1);
}
catch(IOException iox) {
Debug.log(iox.getMessage(),1);
}
catch (FatalException e) {
e.printStackTrace();
}
}
public void destroy() {
}
}
Implementei um filtro, porém todas as vezes que ele chama o doFilter ele cria uma nova sessão, e meu redirecionamento por conta de um time out nunca funciona. Alguém ja passou por isso ?
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import nz.co.fal.ifcs.web.application.Visit;
public class AuthorizationFilter implements Filter {
private FilterConfig config = null;
private ServletContext servletContext = null;
public AuthorizationFilter() {
}
public void init(FilterConfig filterConfig) {
config = filterConfig;
servletContext = config.getServletContext();
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpSession session = httpRequest.getSession(false);
String requestPath = httpRequest.getPathInfo();
Visit visit = (Visit) session.getAttribute(Constants.VISIT_KEY);
/*
* If trying to access a secured paged the user must be logged on and have a current session
* ie the visit object must exist
*/
if (isSessionControlRequiredForThisResource(httpRequest)) {
// is session invalid?
if (isSessionInvalid(httpRequest)) {
session.setAttribute(Constants.ORIGINAL_VIEW_KEY, requestPath);
Utils.log(servletContext, "Session is invalid! redirecting to timeoutpage, redirecting to: " + httpRequest.getContextPath());
System.out.println("Session is invalid! redirecting to timeoutpage, redirecting to: " + httpRequest.getContextPath());
httpResponse.sendRedirect(httpRequest.getContextPath());
return;
}
}
session.removeAttribute(Constants.ORIGINAL_VIEW_KEY);
chain.doFilter(request, response);
}
public void destroy() {
//this.config = null;
}
/*
- session shouldn?t be checked for some pages. For example: for timeout
- page… Since we?re redirecting to timeout page from this filter, if we
- don?t disable session control for it, filter will again redirect to it
- and this will be result with an infinite loop?
*/
private boolean isSessionControlRequiredForThisResource(
HttpServletRequest httpServletRequest) {
String requestPath = httpServletRequest.getRequestURI();
boolean controlRequired = !org.apache.commons.lang.StringUtils
.contains(requestPath, Constants.LOGIN_VIEW);
return controlRequired;
}
private boolean isSessionInvalid(HttpServletRequest httpServletRequest) {
if(httpServletRequest.getRequestedSessionId() != null && httpServletRequest.isRequestedSessionIdValid() == false) {
return true;
}
return false;
}
}