T
tnavarra
Hello,
Would like to hear everyones thoughts on this. I have a simple web
application that I am developing and would like for every servlet in
the application to require session authentication. My idea is to use
a filter on the web application to check for a valid session and if no
valid session exists, redirect to the login page. So I create my
filter (AuthenticationFilter) and add the following to my deployment
descriptor.
<filter>
<description>
</description>
<display-name>
AuthenticationFilter</display-name>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>filters.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
The problem is that the servlet where the session is created is under
the directory specified in the url pattern. My question is, how can I
exclude certain servlets, such as the login processor servlet, from
this filter? I want to have this authentication for all new servlets
added to the application without having to declare the mapping in the
deployment descriptor. Does anyone have a better approach for form
based authentication that I may be missing?
Thanks for your opinions!!!!!!!!
Would like to hear everyones thoughts on this. I have a simple web
application that I am developing and would like for every servlet in
the application to require session authentication. My idea is to use
a filter on the web application to check for a valid session and if no
valid session exists, redirect to the login page. So I create my
filter (AuthenticationFilter) and add the following to my deployment
descriptor.
<filter>
<description>
</description>
<display-name>
AuthenticationFilter</display-name>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>filters.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
The problem is that the servlet where the session is created is under
the directory specified in the url pattern. My question is, how can I
exclude certain servlets, such as the login processor servlet, from
this filter? I want to have this authentication for all new servlets
added to the application without having to declare the mapping in the
deployment descriptor. Does anyone have a better approach for form
based authentication that I may be missing?
Thanks for your opinions!!!!!!!!