0

i have implemented authorization filter using this Basic Security in JSF question as follows that is called for every page (each and every page) of the application to check whether user is allowed to access that page or not. Grunt code of the filter is as follows

  public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain chain) throws IOException, ServletException
 {

  HttpServletRequest httpRequest = (HttpServletRequest)request;
  HttpServletResponse httpResponse = (HttpServletResponse)response;
  HttpSession session = httpRequest.getSession();

  String requestPath = httpRequest.getPathInfo();
  String sevPath = httpRequest.getServletPath();



    if (sevPath.equals("/pages/login.jsf"))
    chain.doFilter(request, response);




     if (!sevPath.equals("/pages/login.jsf"))
     {
 if (((HttpServletRequest) request).getSession().getAttribute(
        AuthenticationBean.AUTH_USER) == null) 
  {
    ((HttpServletResponse) response).sendRedirect("/pages/login.jsf");
}
    else
{
    //..........................get user
        AuthenticationBean user = null;
        try
         {

        error: user = (AuthenticationBean) FacesContext.getCurrentInstance().
            getExternalContext().getSessionMap().get("authenticationBean");
         }
         catch (Exception ex)
         {
          ex.printStackTrace();
         }
         finally
         {

         }
    //...................................
        if (!user.getCurrentUser().getUserRole().equals("ADMIN"))
    {
        httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND,"Restricted Access");
    }
        else
        {
            chain.doFilter(request, response);
        }

}
}


}

I get NullPointerException on the line prefixed as error: in above code. Cant i reference been directly in a Filter? or what else could be the cause of this error. Thanks in advance.

Community
  • 1
  • 1
learner
  • 757
  • 2
  • 14
  • 35

0 Answers0