Tuesday, July 24, 2007

Filters for Authentication & Security


In web application development, security is the most important concern. For example, say a web application named Sample is running on port 8080 (the default for Tomcat). To reach the application we type http://localhost:8080/Sample in the browser and log in; as you click the pages and navigate inside the app, the URL changes. Copy any of the URLs you reach while navigating and paste it into a different browser: if that page opens without logging in, your app needs security checks. In Java there is a cool concept called Filters for exactly this.

Filters are application-level Java code components within a J2EE web application. They can act as gatekeepers for your web app, checking the login credentials, validating which page a request came from, and doing other very useful things.

In web.xml you have to define the filter and map it to the URLs it should intercept:



<filter>
    <filter-name>AuthFilter</filter-name>
    <filter-class>com.filter.AuthFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>AuthFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>



With the above mapping (url-pattern /*, for both REQUEST and FORWARD dispatches), every request that goes to your web app is first intercepted by the filter.

A filter receives a ServletRequest and a ServletResponse; you need to type cast them to HttpServletRequest and HttpServletResponse to get the username from the request parameters and from the session. The logic of the program below is simple.

We check whether the request comes from the login page. If yes, the user has entered a username on the login page, so we read that parameter from the request and check whether the value is null; if it is not null we store it in the session and hand the request over to the application.

If the request is not from the login page, we check whether the username is in the session. If yes, allow the user to go through the app; if not, send the user to the login page and ask him to enter it.


Sample Filter Code



import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class AuthFilter implements Filter {

    /* Login page, relative to the context path; requests for it are always let through */
    private static final String AUTH_PAGE = "/LoginPage.jsp";
    /* Same name is used for the request parameter and the session attribute */
    private static final String USER_ATTR = "username";

    private FilterConfig config;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {

        /* Type casting request and response to their HTTP variants */
        HttpServletRequest serrequest = (HttpServletRequest) request;
        HttpServletResponse serresponse = (HttpServletResponse) response;
        HttpSession session = serrequest.getSession();
        /* ServletContext.log is used to log filter messages */
        ServletContext context = config.getServletContext();

        /* Getting the file name; getPathInfo() is null for a plain JSP request,
         * so it must not be concatenated blindly */
        String filename = serrequest.getServletPath();
        if (serrequest.getPathInfo() != null) {
            filename = filename + serrequest.getPathInfo();
        }

        /* Checking the file name */
        if (AUTH_PAGE.equals(filename)) {
            /* Getting the username submitted from the login page */
            String username = serrequest.getParameter(USER_ATTR);
            if (username != null && !username.trim().equals("")) {
                /* This sample only records the name; a real filter would verify
                 * the credentials here before treating the user as logged in */
                session.setAttribute(USER_ATTR, username.trim());
            }
            /* The login page itself must be reachable without a session,
             * otherwise redirecting to it from here would loop forever */
            chain.doFilter(request, response);
        } else {
            Object sessusername = session.getAttribute(USER_ATTR);
            if (sessusername != null && !sessusername.toString().trim().equals("")) {
                /* Logged-in user in session: let the request through */
                chain.doFilter(request, response);
            } else {
                /* No logged-in user: send him to the login page and stop here */
                context.log("AuthFilter: unauthenticated request for " + filename);
                serresponse.sendRedirect(serrequest.getContextPath() + AUTH_PAGE);
            }
        }
    }

    public void destroy() {
    }
}
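The manual check from the top of the post (take a URL from inside the app and open it in a fresh browser) can be scripted against the filter above. This is an added example, not code from the post; it assumes the app is deployed at http://localhost:8080/Sample with the login page at /LoginPage.jsp, and that curl is installed.

```shell
#!/bin/sh
# Base URL and login page are assumptions matching the post; adjust for your deployment.
BASE_URL="${BASE_URL:-http://localhost:8080/Sample}"
LOGIN_PAGE="/LoginPage.jsp"

# classify STATUS LOCATION
# Prints "protected" when the response is a redirect to the login page (the filter
# fired), "exposed" when the page was served with 200 to a client that has no
# session, and "other" for anything else (errors, redirects elsewhere).
classify() {
    status="$1"
    location="$2"
    case "$status" in
        302|303|307)
            case "$location" in
                *"$LOGIN_PAGE"*) echo protected ;;
                *) echo other ;;
            esac ;;
        200) echo exposed ;;
        *) echo other ;;
    esac
}

# check PATH
# Fetches the page without any cookie jar, i.e. like a fresh browser with no session.
# -s silent, -o discard the body, -D - dump response headers to stdout; no -L, so the
# redirect itself is observed instead of being followed to the login page.
check() {
    path="$1"
    headers=$(curl -s -o /dev/null -D - "$BASE_URL$path") || { echo other; return; }
    status=$(printf '%s\n' "$headers" | sed -n '1s/^HTTP\/[0-9.]* \([0-9]*\).*/\1/p')
    location=$(printf '%s\n' "$headers" | sed -n 's/^[Ll]ocation: *//p' | tr -d '\r')
    classify "$status" "$location"
}

# Usage: ./check_auth.sh /MainPage.jsp /Report.jsp ...
# Every page of the app should print "protected"; an "exposed" line is a gap in the filter.
for p in "$@"; do
    printf '%s %s\n' "$p" "$(check "$p")"
done
```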

