User restriction page when logged in

Question

My website contains two type of users, user and admin. I'm trying to restrict the user from accessing admin control page, and I tried to do it like this inside doFilter():

System.out.print("\nNumber of objects constructed:->" + Counter.show() + "\n\n");
String path = req.getRequestURI().substring(req.getContextPath().length());

if (path.startsWith("/faces/xadmin.xhtml") && !JloginDAO.per.equals("admin")) {
    res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}

if (path.startsWith("/faces/calendar.xhtml") && !JloginDAO.per.equals("admin")) {
    res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}

but it's not working, and no errors showing!

web.xml

 <display-name>web2</display-name>
 <servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet>
    <description></description>
    <display-name>DisplayImage</display-name>
    <servlet-name>DisplayImage</servlet-name>
    <servlet-class>calender.DisplayImage</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>DisplayImage</servlet-name>
    <url-pattern>/DisplayImage</url-pattern>
</servlet-mapping>

 <servlet>
    <description></description>
    <display-name>PrivateDisplayImage</display-name>
    <servlet-name>PrivateDisplayImage</servlet-name>
    <servlet-class>displayCalendar.PrivateDisplayImage</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>PrivateDisplayImage</servlet-name>
    <url-pattern>/PrivateDisplayImage</url-pattern>
</servlet-mapping>

     <servlet>
    <description></description>
    <display-name>PublicDisplayImage</display-name>
    <servlet-name>PublicDisplayImage</servlet-name>
    <servlet-class>public_display_Calendar.PublicDisplayImage</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>PublicDisplayImage</servlet-name>
    <url-pattern>/PublicDisplayImage</url-pattern>
</servlet-mapping>


<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>
 <filter>
   <filter-name>PrimeFaces FileUpload Filter</filter-name>
   <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
  <init-param>
  <param-name>thresholdSize</param-name>
  <param-value>10240</param-value> <!-- 10 Mb -->
</init-param>
 </filter>
   <filter-mapping>
   <filter-name>PrimeFaces FileUpload Filter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
  </filter-mapping>
   </web-app>

Any ideas?

Answer 1

Make sure your url pattern is like this:

<url-pattern>*.xhtml</url-pattern>

and your webfilter like this

@WebFilter(filterName = "AuthFilter", urlPatterns = {"*.xhtml"})

Your code never invoked because it's out side the try{}, make sure you have your code under req definition.