0

I've a filter used to intercept all my requests to check the validity of my logged in user within the session before process to the target. But the problem is that it keeps redirecting to the login page when trying to log in ?

Reference used : https://stackoverflow.com/questions/13274279/authentication-filter-and-servlet-for-login

filter

public class AuthenticationFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("Filter init method()");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        System.out.println("Filter doFilter method()");
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        HttpSession session = req.getSession();
        Users loggedIn = (Users) session.getAttribute("LoggedInUser");
        boolean loggedInUser = session != null && session.getAttribute("LoggedInUser") != null;
        String logInURI = req.getContextPath() + "/loginPage.jsp";
        boolean loginRequest = req.getRequestURI().equals(logInURI);
        if (loggedInUser || loginRequest) {
            chain.doFilter(request, response);
        } else {
            res.sendRedirect(logInURI);
        }
    }

    @Override
    public void destroy() {
    }

}

web.xml

<filter>
        <filter-name>AuthenticationFilter</filter-name>
        <filter-class>AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>AuthenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
Casper
  • 49
  • 1
  • 10

1 Answers1

0

after more investigation here is the solution that works fine for me :

@Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        HttpSession session = req.getSession();

        /* Check if the user within the session */
        boolean loggedInUser = session.getAttribute("LoggedInUser") != null;

        /* Get the login uri, to avoid infinite loop */
        String logInURI = req.getContextPath() + "/loginPage.jsp";

        /* Current reuest */
        String currentReq = req.getRequestURI();

        /* Get LoginServlet req */
        String loginServlet = req.getContextPath() + "/LoginServlet";

        /* Check if current request is for loginServlet */
        boolean loginServletReq = currentReq.equals(loginServlet);

        /* Check if the request is equal to login page */
        boolean loginRequest = currentReq.equals(logInURI);

        if (loginRequest) {
            chain.doFilter(req, res);
        } else if (loggedInUser) {
            chain.doFilter(req, res);
        } else if (loginServletReq) {
            chain.doFilter(req, res);
        } else {
            res.sendRedirect(logInURI);
        }

    }
Casper
  • 49
  • 1
  • 10