Cannot find FacesContext when redirect from inside SecurityFilter.doFilter
I am attempting to implement JAAS security into my web application created using Studio Creator 2 Update 1 and am running into a conflict between my Security filter and the FacesContext.
I've followed the steps in the JAASAuthentication sample and technical articles from the Studio Creator site. I am using the Sun App Server 8 that came bundled with Creator 2U1.
When I debug my application the filter kicks in properly and the doFilter method executes, but when the app tries to redirect to "login.jsp" I get the "Cannot find Faces Context" error.
How do I have my filter work in such a way that it does not interrupt the FacesContext?
My web.xml entries are as follows (created using the Creator GUI, so should be in correct order):
<filter>
<description>Handles redirection to login.jsp</description>
<filter-name>SecurityFilter</filter-name>
<filter-class>cdmweb.security.SecurityFilter</filter-class>
</filter>
...
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
(Note: when I set my url-pattern to "/faces/*.jsp" the filter does not kick in when the app starts up index.jsp.)
My doFilter method is as follows (standard based on the jaasauthentication sample):
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException{
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
HttpSession session = req.getSession();
String requestedPage = req.getPathTranslated();
String user=null;
//We dont want to filter certain pages which include the Login.jsp/Register.jsp/Help.jsp
if(request.getAttribute(FILTER_APPLIED) == null) {
//check if the page requested is the login page or register page
if((!requestedPage.endsWith("Login.jsp")) && (!requestedPage.endsWith("Register.jsp")) && (!requestedPage.endsWith("Help.jsp"))){
//Requested page is not login.jsp or register.jsp therefore check for user logged in..
//set the FILTER_APPLIED attribute to true
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
//Check that the session bean is not null and get the session bean property username.
if(((cdmweb.SessionBean1)session.getAttribute("SessionBean1"))!=null) {
user = ((cdmweb.SessionBean1)session.getAttribute("SessionBean1")).getUserId();
}
if((user==null)||(user.equals(""))) {
res.sendRedirect("login.jsp");
return;
}
}
}
//deliver request to next filter
chain.doFilter(request, response);
}
Thanks, Rebecca
I've followed the steps in the JAASAuthentication sample and technical articles from the Studio Creator site. I am using the Sun App Server 8 that came bundled with Creator 2U1.
When I debug my application the filter kicks in properly and the doFilter method executes, but when the app tries to redirect to "login.jsp" I get the "Cannot find Faces Context" error.
How do I have my filter work in such a way that it does not interrupt the FacesContext?
My web.xml entries are as follows (created using the Creator GUI, so should be in correct order):
<filter>
<description>Handles redirection to login.jsp</description>
<filter-name>SecurityFilter</filter-name>
<filter-class>cdmweb.security.SecurityFilter</filter-class>
</filter>
...
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
(Note: when I set my url-pattern to "/faces/*.jsp" the filter does not kick in when the app starts up index.jsp.)
My doFilter method is as follows (standard based on the jaasauthentication sample):
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException{
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
HttpSession session = req.getSession();
String requestedPage = req.getPathTranslated();
String user=null;
//We dont want to filter certain pages which include the Login.jsp/Register.jsp/Help.jsp
if(request.getAttribute(FILTER_APPLIED) == null) {
//check if the page requested is the login page or register page
if((!requestedPage.endsWith("Login.jsp")) && (!requestedPage.endsWith("Register.jsp")) && (!requestedPage.endsWith("Help.jsp"))){
//Requested page is not login.jsp or register.jsp therefore check for user logged in..
//set the FILTER_APPLIED attribute to true
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
//Check that the session bean is not null and get the session bean property username.
if(((cdmweb.SessionBean1)session.getAttribute("SessionBean1"))!=null) {
user = ((cdmweb.SessionBean1)session.getAttribute("SessionBean1")).getUserId();
}
if((user==null)||(user.equals(""))) {
res.sendRedirect("login.jsp");
return;
}
}
}
//deliver request to next filter
chain.doFilter(request, response);
}
Thanks, Rebecca