CODEWITHSUNDEEP
jsfservlet-filters
Emre Arslan
Emre Arslan

Reputation: 141

too many redirects using filter class

JSF 2.2 and Primefaces 6.0

I'm trying to use filter class for authentication session control. But filter class running 21 times and browser set error message ERR_TOO_MANY_REDIRECTS.

Web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <display-name>maintenancemonitoring</display-name>
    <context-param>
        <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
        <param-value>.xhtml</param-value>
    </context-param>
    <context-param>
        <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>client</param-value>
    </context-param>
    <context-param>
        <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
        <param-value>resources.application</param-value>
    </context-param>
    <listener>
        <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
    </listener>
    <filter>
        <filter-name>authFilter</filter-name>
        <filter-class>view.filters.AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>authFilter</filter-name>
        <url-pattern>*.xhtml</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>cupertino</param-value>
    </context-param>
    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>
</web-app>

Filter class : 

public void
        doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException,
                                                                                                         ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    request.setCharacterEncoding("UTF-8");
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    HttpSession session = request.getSession();

    System.out.println("aaaaa");

    String currentLoginId = null;
    if(session.getAttribute("currentLoginId")!=null){
        currentLoginId = (String) session.getAttribute("currentLoginId");
    }

    if(currentLoginId != null){
        setResponseHeaders(response);
        filterChain.doFilter(request, response);
    } else {
        response.sendRedirect(request.getContextPath() + "/faces/login.xhtml");
    }
}

private void setResponseHeaders(HttpServletResponse httpResponse) {
    httpResponse.addHeader("Pragma", "no-cache");
    httpResponse.addHeader("Cache-Control", "no-cache");
    httpResponse.addHeader("Cache-Control", "must-revalidate");
    httpResponse.addHeader("Cache-Control", "post-check=0");
    httpResponse.addHeader("Cache-Control", "pre-check=0");
    httpResponse.addHeader("Cache-Control", "no-store");
    httpResponse.addDateHeader("Expires", 0);
}

Login action in loginBean:

public String actionLogin(ActionEvent actionEvent) throws ServletException, IOException {
    HttpServletRequest request = (HttpServletRequest) getExternalContext().getRequest();
    HttpServletResponse response = (HttpServletResponse) getExternalContext().getResponse();

    AuthUser user = getValidUser();

    request.setAttribute("user", user);

    if (user == null) {
        addMessage("Kullanıcı adı ya da şifre hatalı");
        return null;
    }

    return handleUserLogin(user, request, response);
}

Create session in loginHandler class:

private String createNewSessionAndRedirect(HttpServletRequest request, HttpServletResponse response, AuthUser user) {
    HttpSession session = getSessionForRequest(request);

    session.setAttribute("currentLoginId", user.getUserName());

    if (request.isRequestedSessionIdValid() && session != null && session.getAttribute("currentLoginId") != null) {
        try {
            response.sendRedirect(request.getContextPath() + "/faces/welcome.xhtml");
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    return "/welcome.xhtml";
}

Upvotes: 6

Views: 6196

Answers (1)

AxelH
AxelH

Reputation: 14572

The reason I see for this error is a recursive call.

Since you are filtering every .xthml page and in the filter you are redirecting to 

response.sendRedirect(request.getContextPath() + "/faces/login.xhtml");

You are filtrering this redirection itself. You should forward the request instead since you have set the filtrer to work on REQUEST but not on FORWARD. 

<filter-mapping>
    <filter-name>authFilter</filter-name>
    <url-pattern>*.xhtml</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

The forward looks like this (not exactly, didn't remember the exact code in a filter...) :

ServletContext.getRequestDispatcher("/faces/welcome.xhtml").forward()

A forward will only be filter if you add <dispatcher>FORWARD</dispatcher> to the filter-mapping

Upvotes: 5

Related Questions