Class AuthFilter

java.lang.Object
fc.web.servlet.AuthFilter
All Implemented Interfaces:
jakarta.servlet.Filter
Direct Known Subclasses:
JDBCAuthFilter

public abstract class AuthFilter extends Object implements jakarta.servlet.Filter
An abstract servlet filter that only allows authenticated access to a resource. This filter redirects the user to the login_page if the user is not logged in. The originally requested target URL (if any) will be saved via the method. The saved URL will be complete, i.e., it will start from the protocol string http.. and run up to and including any query string. Note: if the original URL was submitted via POST, the POST data is not saved; only the target URL is saved.

There are two ways that the original URL can be saved. One is to save it as a temporary cookie, which requires the client to have cookies enabled. The other is to append it to the URL as a URL parameter. In either case, the original target is saved as a parameter with name=login.target and value=URLEncoder.encode(target_page).

The following keys must be specified as the init parameters.

  • key name: appName, the name of the webapp (the name is an arbitrary string but must be the same as is specified in the init parameter of WebApp).
  • key name: login_page, the value should be an absolute path (from the website's document root) to the login page or URL.

The following key is optional:

  • key name: use_cookie, the value should be "true" or "false". true means save the original target page as a cookie, false means save that page as part of the URL. Defaults to false.

Note: this class cannot be directly instantiated (since it's abstract) and should not be specified as the name of some filter in the servlet container's web.xml file.
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | void | destroy() | |
    | void | doFilter(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain) | |
    | void | init(jakarta.servlet.FilterConfig config) | |
    | abstract boolean | isUserLoggedIn(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res) | This method should somehow check to see if the user is logged in or not. |

    Methods inherited from class Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

  • Method Details

    • init

      public void init(jakarta.servlet.FilterConfig config) throws jakarta.servlet.ServletException
      Specified by:
      init in interface jakarta.servlet.Filter
      Throws:
      jakarta.servlet.ServletException
    • destroy

      public void destroy()
      Specified by:
      destroy in interface jakarta.servlet.Filter
    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, jakarta.servlet.FilterChain chain) throws jakarta.servlet.ServletException, IOException
      Specified by:
      doFilter in interface jakarta.servlet.Filter
      Throws:
      jakarta.servlet.ServletException
      IOException
    • isUserLoggedIn

      public abstract boolean isUserLoggedIn(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res) throws Exception
      This method should check whether the user is logged in. Typically, this is done by getting a session_id (either from a cookie or a URL) and using that session_id to look up in-memory or database session data, to see whether that session still exists and has not expired.
      Throws:
      Exception
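
The following is an added example, not code from this library: a concrete subclass that implements isUserLoggedIn as described above, reading a session_id cookie and checking it against an in-memory session table with expiry. The class name MemoryAuthFilter, the cookie name, the register helper and the session table are assumptions for illustration; it also assumes AuthFilter has an accessible no-argument constructor and that the fc and jakarta.servlet libraries are on the classpath.

```java
import fc.web.servlet.AuthFilter;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical concrete filter: validates a session cookie against an in-memory table. */
public class MemoryAuthFilter extends AuthFilter {
    // Assumed cookie name; AuthFilter itself does not define one.
    private static final String SESSION_COOKIE = "session_id";
    // session_id -> expiry time, shared by all requests (hypothetical store).
    private static final Map<String, Instant> SESSIONS = new ConcurrentHashMap<>();

    /** To be called by the application's own login code once credentials are verified. */
    public static void register(String sessionId, Instant expiresAt) {
        SESSIONS.put(sessionId, expiresAt);
    }

    @Override
    public boolean isUserLoggedIn(HttpServletRequest req, HttpServletResponse res) {
        String id = sessionIdFrom(req.getCookies());
        return id != null && isLive(id, Instant.now());
    }

    // Returns the session id from the request cookies, or null if absent or empty.
    static String sessionIdFrom(Cookie[] cookies) {
        if (cookies == null) return null; // getCookies() returns null when none were sent
        for (Cookie c : cookies) {
            if (SESSION_COOKIE.equals(c.getName())) {
                String v = c.getValue();
                return (v == null || v.isEmpty()) ? null : v;
            }
        }
        return null;
    }

    // A session is live only if it is known and its expiry is still in the future.
    static boolean isLive(String id, Instant now) {
        Instant expiry = SESSIONS.get(id);
        if (expiry == null) return false;     // unknown id: treat as not logged in
        if (!now.isBefore(expiry)) {
            SESSIONS.remove(id, expiry);      // expired: drop it so the id cannot be reused
            return false;
        }
        return true;
    }
}
```

A subclass like this, not AuthFilter itself, is what gets named as the filter in web.xml, with the appName and login_page init parameters set.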