How to create a JSF Filter/url-pattern to protect javascripts

Question

I've written a Java web filter to handle my JSF application's security. I've the filter's mapping like this:

<filter-mapping>
    <filter-name>authFilter</filter-name>
    <url-pattern>/secure/*</url-pattern>
    <url-pattern>/login.jsf</url-pattern>
    <url-pattern>/*.js.jsf</url-pattern>    <--- invalid pattern
</filter-mapping>

and now i want to create a url-pattern to filter all javascript files. I'm using Primefaces, so the .js files are retrived in URLs like this:

http://localhost:8080/MyProject/javax.faces.resource/MyJavascriptFile.js.jsf?ln=MyLibrary

I cant filter the whole javax.faces.resouces because it also holds the CSS files. Is there a way to create a URL pattern to match only javascripts?

Answer 1

<url-pattern>/*.js.jsf</url-pattern>    <--- invalid pattern

That's indeed an invalid URL pattern. The wildcard * can only be in the beginning or the end of the URL pattern. In your particular case, you do not need the / prefix at all.

<url-pattern>*.js.jsf</url-pattern>    <--- valid pattern

Note that this issue has nothing to do with JSF. Servlet filters are part of the basic Servlet API.

See also:

• mapping servlet to serve my requests

Answer 2

The * wildcard functionality is limited in JSF, because only one * is allowed, and it must be at the end of the “form-view-id” string. For example, (any xml) It works.

<from-view-id>/customer/*</from-view-id>

It will never match…

<from-view-id>/cus*mer/</from-view-id>
<from-view-id>/c*sto*er/*</from-view-id>
<from-view-id>*/customer</from-view-id>

check out this page