4

I'm using a filter in web.xml to check if a user is logged in or not:

<filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>com.mycompany.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

And this works like a charm until I have a stylesheet or image I want to exclude from this filter. I know one approach is to put everything that's protected inside /privateor similar, and then set the url-pattern to: <url-pattern>/private/*</url-pattern>. The downside to this is my URLs now looking like: http://www.mycompany.com/private/mypage instead of http://www.mycompany.com/mypage. Is there another solution to this problem, that let me keep my pretty-urls?

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Mads Mobæk
  • 34,762
  • 20
  • 71
  • 78

1 Answers1

4

One solution should be the SpringSecurity (was Acegi Security) approach: make your url-pattern includes everything and exclude undesidered patterns in your filter body.

Marco
  • 1,642
  • 3
  • 16
  • 29
  • Yes, I've tried that to implement that approach. I sucessfully detected the URLs, but I'm unsure what to do next. In the filter body I have tried a) saying "return" and that (not suprisingly) returned a blank page. b) chain.doFilter(request,response); which resulted in the start-page being loaded of all things. Could you give an example on how the filter body should look like when excluding? – Mads Mobæk Nov 30 '09 at 00:09
  • It actually worked with chain.doFilter(request, response). The reason I got the start-page all the time was due to the start-page having the url-pattern set to /. When I made sure no servlets we're mapped to /, this actually worked :-) – Mads Mobæk Nov 30 '09 at 02:53