91

I am using a Servlet Filter in my JSF application. I have three groups of Web pages in my application, and I want to check Authentication for these pages in my Servlet Filter:

my Folders

/Admin/ *.xhtml

/Supervisor/*.xhtml
/Employee/*.xhtml

and I am writing web.xml like

<filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>com.ems.admin.servlet.LoginFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/Employee/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/Admin/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/Supervisor/*</url-pattern>
</filter-mapping>

but requests like

http://localhost:8080/EMS2/faces/Html/Admin/Upload.xhtml

are not entering into Filter.

I have to provide security to these 3 folders.

How to solve this problem ?

Improve this question

2 Answers 2

Reset to default
155

If an URL pattern starts with /, then it's relative to the context root. The /Admin/* URL pattern would only match pages on http://localhost:8080/EMS2/Admin/* (assuming that /EMS2 is the context path), but you have them actually on http://localhost:8080/EMS2/faces/Html/Admin/*, so your URL pattern never matches.

You need to prefix your URL patterns with /faces/Html as well like so:

<url-pattern>/faces/Html/Admin/*</url-pattern>

You can alternatively also just reconfigure your web project structure/configuration so that you can get rid of the /faces/Html path in the URLs so that you can just open the page by for example http://localhost:8080/EMS2/Admin/Upload.xhtml.

Your filter mapping syntax is all fine. However, a simpler way to specify multiple URL patterns is to just use only one <filter-mapping> with multiple <url-pattern> entries:

<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/faces/Html/Employee/*</url-pattern>
    <url-pattern>/faces/Html/Admin/*</url-pattern>
    <url-pattern>/faces/Html/Supervisor/*</url-pattern>
</filter-mapping>
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

As far as I can see multiple url-pattern elements are not allowed and do not work as expected.
@SebastianG: Your concrete problem is caused elsewhere. Note that support for multiple <url-pattern> elements was introduced in Servlet 2.5 (part of Java EE 5, released almost 7 years ago). Perhaps you're working on a prehistoric beast, or you've severe configuration problems which causes that your container runs in a fallback modus matching Servlet 2.4 or older, hereby losing all Servlet 2.5 features.
Notice that multiple <filter-mapping> will execute the same filter twice if they match the same ressource, e.g one using /* and another one using /foo.xhtml as url-pattern. I encountered this behaviour on JBoss AS 7.1.
@Paranaix: That's indeed specified behavior. Perhaps you're mixing with servlet mappings which will indeed execute only the servlet with best matching URL pattern.
stackoverflow.com/questions/12868689/…
22

In case you are using the annotation method for filter definition (as opposed to defining them in the web.xml), you can do so by just putting an array of mappings in the @WebFilter annotation:

/**
 * Filter implementation class LoginFilter
 */
@WebFilter(urlPatterns = { "/faces/Html/Employee","/faces/Html/Admin", "/faces/Html/Supervisor"})
public class LoginFilter implements Filter {
    ...

And just as an FYI, this same thing works for servlets using the servlet annotation too:

/**
 * Servlet implementation class LoginServlet
 */
@WebServlet({"/faces/Html/Employee", "/faces/Html/Admin", "/faces/Html/Supervisor"})
public class LoginServlet extends HttpServlet {
    ...
Improve this answer

3 Comments

Isn't it better to extends a Filter instead of HttpServlet even if it is only an example?
A filter can be executed for different servlet URL patterns. You can not replace a filter with a servlet.
He wants a filter behavior, not a servlet one. I guess he has already mapped those URLs to servlets.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.