ufk

Reputation: 32104

limit access to servlets

I have a gateway servlet that forwards users to many servlets that process tasks.

Each user must first go through the gateway servlet, which then forwards them to the proper servlet. I create a RequestDispatcher and execute its forward function to the proper servlet.

The problem is that all the servlets are publicly available, so the user can actually go and execute any servlets they want.

I want to allow access only to the gateway servlet and to restrict access to all others, but of course to allow the gateway to forward to the servlets.

How can it be done?

Thank you!

Using Apache Tomcat 7.

Upvotes: 1

Views: 751

Answers (1)

NickJ

Reputation: 9559

Use a filter to check that the current user is logged in. You'll need to write the method userIsLoggedIn() yourself, by checking session attributes:

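package com.foo;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class LoginFilter implements Filter {

  public void init(FilterConfig config) throws ServletException {}
  public void destroy() {}

  public void doFilter(ServletRequest req, ServletResponse res,
        FilterChain chain) throws IOException, ServletException {

      if (userIsLoggedIn((HttpServletRequest) req)) {

        //process request normally, pass up the filter chain to the servlet:
        chain.doFilter(req, res);

      } else {

        //go to login screen instead
        RequestDispatcher dispatcher = req.getRequestDispatcher("login");
        dispatcher.forward(req, res);
      }
  }

  // Write this check yourself; "user" is an assumed session attribute name.
  private boolean userIsLoggedIn(HttpServletRequest req) {
      HttpSession session = req.getSession(false);
      return session != null && session.getAttribute("user") != null;
  }
}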

In your web.xml, you'll need to declare your filter:

<filter>
  <filter-name>loginFilter</filter-name>
  <filter-class>
     com.foo.LoginFilter
  </filter-class>
</filter>
<filter-mapping>
  <filter-name>loginFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Upvotes: 4
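
Added example, not part of the original answer: a filter for the case the question describes, where only the gateway may be requested directly. It relies on the servlet specification's rule that a filter mapping applies to the REQUEST dispatcher type unless told otherwise, so a RequestDispatcher.forward() from the gateway is not filtered. The class name GatewayOnlyFilter and the path "/gateway" are assumptions.

```java
package com.foo;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Runs only for requests that arrive directly from a client. A
// RequestDispatcher.forward() issued by the gateway uses the FORWARD
// dispatcher type, which this mapping does not cover, so forwarded
// requests reach the task servlets without passing through this filter.
@WebFilter(urlPatterns = "/*", dispatcherTypes = DispatcherType.REQUEST)
public class GatewayOnlyFilter implements Filter {

  // Assumed servlet path of the gateway; change it to match your mapping.
  private static final String GATEWAY_PATH = "/gateway";

  public void init(FilterConfig config) throws ServletException {}
  public void destroy() {}

  public void doFilter(ServletRequest req, ServletResponse res,
        FilterChain chain) throws IOException, ServletException {

      HttpServletRequest request = (HttpServletRequest) req;
      HttpServletResponse response = (HttpServletResponse) res;

      // getServletPath() is the path the container matched to a servlet
      // mapping, without the context path or query string.
      if (GATEWAY_PATH.equals(request.getServletPath())) {
        // Direct request to the gateway: let it through.
        chain.doFilter(req, res);
      } else {
        // Direct request to any other servlet: refuse it.
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
      }
  }
}
```

Mapped to /*, this also refuses direct requests for static files and any login page, so narrow the URL pattern or add further allowed paths if those must stay reachable.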
