I am developing a web application using Java/J2EE and JSF. My application contains a several pages with a login page where the user enters his login and password. My problem is when i enter the url of any page i can access to it without going through the login page. How to prevent this?
Asked
Active
Viewed 81 times
-1
-
1Possible duplicate: http://stackoverflow.com/a/8480241/1362049 – Simon Arsenault Nov 21 '13 at 13:10
-
What configuration do you have for Java EE security in your web.xml file? You may wish to revisit the Security Roles guide from Sun whilst combing through your configuration: http://docs.oracle.com/javaee/5/tutorial/doc/bncav.html – 8bitjunkie Nov 21 '13 at 13:40
-
possible duplicate of [How implement a login filter in JSF?](http://stackoverflow.com/questions/8480100/how-implement-a-login-filter-in-jsf) – Luiggi Mendoza Nov 21 '13 at 14:56
1 Answers
-1
The answer u've suggested to me didn't work for me. I was obliged to override the init() method as this:
public void init(FilterConfig filterConfig) throws ServletException {
String urls = filterConfig.getInitParameter("restrictedPages");
StringTokenizer token = new StringTokenizer(urls, ",");
ArrayList<String> urlList = new ArrayList<>();
while (token.hasMoreTokens()) {
urlList.add(token.nextToken());
}
}
And i've added this lines in the web. xml
<init-param>
<param-name>restrictedPages</param-name>
<param-value>/login.jsp</param-value>
</init-param>
And my doFilter method is:
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false);
if (session == null || session.getAttribute("idCustomer") == null) {
response.sendRedirect("/login.jsp");
} else {
chain.doFilter(req, res);
}
}
junior developper
- 448
- 2
- 19
- 40