Boa tarde, pessoal como é criar um filtro para quando o usuário acessar uma página ele deve cai neste filtro para digitar uma senha ? é normal o uso do Filter de Servlet ????? mesmo utilizando JSF ou Struts... vocês util…

Filter em aplicações Web

Eu utilizo o Filter para gerar logs de acesso antes mesmo da entrada de login…o filter é a primeira função a ser chamada na aplicação…

Voce deve fazer assim:
no seu web.xml:

&lt;filter&gt;
        &lt;filter-name&gt;LogFilter&lt;/filter-name&gt;
        &lt;filter-class&gt;br.com.algumacoisa.LogFilter&lt;/filter-class&gt;
        &lt;init-param&gt;
            &lt;param-name&gt;logfileAcess&lt;/param-name&gt;
            &lt;param-value&gt;/LOG/registro.log&lt;/param-value&gt;
        &lt;/init-param&gt;
    &lt;/filter&gt;

tambem no web.xml:

&lt;filter-mapping&gt;
        &lt;filter-name&gt;LogFilter&lt;/filter-name&gt;
        &lt;url-pattern&gt;*.jsp&lt;/url-pattern&gt;
    &lt;/filter-mapping&gt;

O filtro esta em cima de todas as jsp acessadas…

Segue a classe:

public class LogFilter extends HttpServlet implements Filter {

  public void init(FilterConfig filterConfig) {

  }
	
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) {
	try {
		
		  HttpServletRequest req = (HttpServletRequest)request;
		  HttpSession ses = (HttpSession)req.getSession(true);
		  filterChain.doFilter(request, response);
	}
	catch(ServletException sx) {
	  Debug.log(sx.getMessage(),1);
	}
	catch(IOException iox) {
	  Debug.log(iox.getMessage(),1);
	} 
	catch (FatalException e) {

		e.printStackTrace();
	}
  }
  
  public void destroy() {
  }
}

Implementei um filtro, porém todas as vezes que ele chama o doFilter ele cria uma nova sessão, e meu redirecionamento por conta de um time out nunca funciona. Alguém ja passou por isso ?

import java.io.IOException;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletContext;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpSession;

import nz.co.fal.ifcs.web.application.Visit;

public class AuthorizationFilter implements Filter {

private FilterConfig config = null;

private ServletContext servletContext = null;

public AuthorizationFilter() {

}

public void init(FilterConfig filterConfig) {

config = filterConfig;
servletContext = config.getServletContext();

}

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {

HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpSession session = httpRequest.getSession(false);

String requestPath = httpRequest.getPathInfo();

Visit visit = (Visit) session.getAttribute(Constants.VISIT_KEY);
/*
 * If trying to access a secured paged the user must be logged on and have a current session
 * ie the visit object must exist
 */
if (isSessionControlRequiredForThisResource(httpRequest)) {   
  
  // is session invalid?   

  if (isSessionInvalid(httpRequest)) {   

      session.setAttribute(Constants.ORIGINAL_VIEW_KEY, requestPath);
      Utils.log(servletContext, "Session is invalid! redirecting to timeoutpage, redirecting to: " + httpRequest.getContextPath());
      
      System.out.println("Session is invalid! redirecting to timeoutpage, redirecting to: " + httpRequest.getContextPath());
      
      httpResponse.sendRedirect(httpRequest.getContextPath());   
      return;   

  }   
}  
  session.removeAttribute(Constants.ORIGINAL_VIEW_KEY);
  chain.doFilter(request, response);

}

public void destroy() {

<a href="//this.config">//this.config</a> = null;

}

session shouldn?t be checked for some pages. For example: for timeout
page… Since we?re redirecting to timeout page from this filter, if we
don?t disable session control for it, filter will again redirect to it
and this will be result with an infinite loop?
*/

private boolean isSessionControlRequiredForThisResource(
HttpServletRequest httpServletRequest) {

String requestPath = httpServletRequest.getRequestURI();   
  boolean controlRequired = !org.apache.commons.lang.StringUtils   
          .contains(requestPath, Constants.LOGIN_VIEW);   

  return controlRequired;

}

private boolean isSessionInvalid(HttpServletRequest httpServletRequest) {

if(httpServletRequest.getRequestedSessionId() != null && httpServletRequest.isRequestedSessionIdValid() == false) {  
  return true;
}
return false;

}

2 Respostas

Topicos relacionados