views:

38

answers:

1

I already have two filters, which typically checks for a valid session. If session is valid it ll redirect to the ExpenseDetailsManagement.html else ExpenseManagementLogin.html. The web.xml config looks like,

    <filter>
    <filter-name>ExpenseAuthentication</filter-name>
    <filter-class>com.pricar.hibernate.ExpenseAuthentication</filter-class>
</filter>
<filter>
    <filter-name>ExpenseAuthenticationFilter</filter-name>
    <filter-class>com.pricar.hibernate.ExpenseAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ExpenseAuthentication</filter-name>
    <url-pattern>*/ExpenseDetailsManagement.html</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>ExpenseAuthenticationFilter</filter-name>
    <url-pattern>*/ExpenseManagementLogin.html</url-pattern>
</filter-mapping>

The above two were working fine. The application path looks like http://localhost:8080/Hibernate/ExpenseManagementLogin.html

If i tries with http://localhost:8080/Hibernate, then ExpenseManagementLogin.htmlis loading even if i have a valid session.

For that i tried some url-mapping-patterns like Hibernate/, /Hibernate/, /* then its ends with infinite looping or resource not found error.

My web-app just have two html pages, one for login and another for app-stuff.

Any suggestions!!!

+1  A: 

Why do you use two filters?

Remove ExpenseAuthentificationFilter. In the simplest case, place the ExpenseManagementLogin.html file in the root of the war. Add a Servlet or a JSP as the login form target. Configure the page ExpenseDetailsManagement.html as the default page.

Then the following scenario is possible:

  • The user calls http://localhost:8080/Hibernate
  • Server redirects to the default page http://localhost:8080/Hibernate/ExpenseDetailsManagement.html
  • When the browser requests this page, the the remaining servlet filter is called.
  • Inside the filter redirect to http://localhost:8080/Hibernate/ExpenseManagementLogin.html, if no valid session is active.
  • The user fills in the login form and submits the form. In the servlet or JSP page (the submit target handler) you check login and password and if it is valid you send a redirect to http://localhost:8080/Hibernate/ExpenseDetailsManagement.html.
  • Now, when the browser requests this side the second time, the servlet filter sees the valid session and does nothing, so that the protected page can be delivered.

You can also use JAAS to handle login and authentification.

vanje
@Vanje: Your logic in the answer is pretty cool. But, i changed the welcome page to `ExpenseDetailsManagement.html`. Its not going through the servlet filter. It just loading. I am using eclipse.
NooBDevelopeR
Ok, I thought, the servlet container would do a redirect. But instead it only forwards to the target page.
vanje
Then create a JSP page index.jsp, set the welcome page to index.jsp and do the redirect manually like `<% response.sendRedirect("ExpenseDetailManagement.html"); %>` Then `ExpenseDetailManagement.html` is always requested via the correct URL and not as a forward.
vanje