2

I have a @POST rest method and i want to make filter for it, so only the person who is logged in in the application to be able to have access to it. Here is my @POST method : 

@POST
@Path("/buy")
public Response buyTicket(@QueryParam("projectionId") String projectionId, @QueryParam("place") String place){
    Projection projection = projectionDAO.findById(Long.parseLong(projectionId));
    if(projection != null){
        System.out.println(projection.getMovieTitle());
        System.out.println(place);
        projectionDAO.buyTicket(projection, userContext.getCurrentUser(), place);
    }

    return Response.noContent().build();
}

And here is the filter i write for this method : 

@WebFilter("rest/projection/buy")
public class ProtectedBuyFunction implements Filter {
@Inject
UserContext userContext;

public void init(FilterConfig fConfig) throws ServletException {
}

public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    if (!isHttpCall(request, response)) {
        return;
    }
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    User currentUser = userContext.getCurrentUser();
    if (currentUser == null) {
        String loginUrl = httpServletRequest.getContextPath()
                + "/login.html";
        httpServletResponse.sendRedirect(loginUrl);
        return;
    }
    chain.doFilter(request, response);
}

private boolean isHttpCall(ServletRequest request, ServletResponse response) {
    return (request instanceof HttpServletRequest)
            && (response instanceof HttpServletResponse);
}

public void destroy() {
}}

The problem is that i always get an exception and the server refuse to start, the exception is : 

Invalid <url-pattern> rest/projection/buy in filter mapping

I am using TomEE server with Jax-RS. Is there some way I can solve this problem ?

Ramesh PVK
  • 15,200
  • 2
  • 46
  • 50
alle3x
  • 475
  • 2
  • 6
  • 18

2 Answers2

1

The mapping path as per servlet specification should follow rules:

  • Directory Mapping: A string beginning with a ‘/’ character and ending with a ‘/*’ suffix is used for path mapping.
  • Extension Mapping: A string beginning with a ‘*.’ prefix is used as an extension mapping.
  • Context Root: The empty string ("") is a special URL pattern that exactly maps to the application's context root, i.e., requests of the form http://host:port//. In this case the path info is ’/’ and the servlet path and context path is empty string (““).
  • Default Servlet: A string containing only the ’/’ character indicates the "default" servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null.
  • Exact Mapping: All other strings are used for exact matches only.

In your case, it does not start with "/". You should have absolute url for context root if you are using servlet filter. Add "/" in the beginning. It should work.

Ramesh PVK
  • 15,200
  • 2
  • 46
  • 50
0

The easiest way to do it is to use JAX-RS filters and not Servlet Filters. you can find here a documentation of them: https://jersey.java.net/documentation/latest/filters-and-interceptors.html#d0e9580

In case of your Servlet Filter, please post your servlet context and what is the mapping for JAX-RS resources, in order to figure out why you get the error.

iullianr
  • 1,274
  • 10
  • 11