Servlet Filter for security

Question

I am using Servlet filter for secure app,

<filter>
    <filter-name>HelloFilter</filter-name>
    <filter-class>com.sarp.filter.HelloFilter</filter-class>
    <init-param>
        <param-name>login_form</param-name>
        <param-value>/loginForm.jsp</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>HelloFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping> 

but if my servlets use jsp files I can not catch them

private void execute(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    getServletContext().getRequestDispatcher("/deniz.jsp").forward(request, response);

for example deniz.jsp appears without aouthentication , is there any solution? thanks

Answer 1

Specify the FORWARD behavior using the dispatcher tag in the filter-mapping

<filter-mapping>
    <filter-name>HelloFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

This information can be found in section 6.2.5 of the specification.

New since version 2.4 of the Java Servlet specification is the ability to configure filters to be invoked under request dispatcher forward() and include() calls.

By using the new element in the deployment descriptor, the developer can indicate for a filter-mapping whether he would like the filter to be applied to requests when:

1. The request is being processed under a request dispatcher representing the Web component matching the or using a forward() call.

This is indicated by a element with value FORWARD