CODEWITHSUNDEEP
javaservletsjettyservlet-filtersembedded-jetty
seriousgeek
seriousgeek

Reputation: 1034

How to get ServletFilter to work on welcome files in embedded Jetty?

I have an application running on embedded jetty 9.4.12. A ServletContextHandler object is used to set welcome files as well as add servlet filters before the handler is set to the Server object. The filter list being added includes certain filters that perform authentication on the incoming requests. However, these filters do not get fired on the welcome page, but they do work on the other endpoints.

Relevant Server initialization code:

ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS);
root.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
root.setInitParameter("org.eclipse.jetty.servlet.Default.redirectWelcome", "true");
root.setWelcomeFiles(new String[]{"welcome.html"});
FilterHolder filterHolder = new FilterHolder(
   new AuthFilter());
root.addFilter(filterHolder, "/*", null);
HandlerList handlerList = new HandlerList();
      handlerList.setHandlers(
          new Handler[]{root)
          }
      );
 server.setHandler(handlerList);

Is there a way to get the AuthFilter servlet filter here to work on the welcome.html page?

Upvotes: 0

Views: 420

Answers (1)

Joakim Erdfelt
Joakim Erdfelt

Reputation: 49462

The AuthFilter will execute for both requests in your configuration.

Example:

  1. You issue a GET request to /path/to/content/
  2. The matching servlet for this request is the DefaultServlet
  3. The AuthFilter is called, then the DefaultServlet (assuming you allow the chaining to work)
  4. The DefaultServlet detects that this is a directory request (and that dirAllowed is false), so it uses the welcome list and issues a redirect response (because you have redirectWelcome set to true). (This behavior assumes that /path/to/content/welcome.html actually exists, otherwise this is a 404 response)
302 Found HTTP/1.1
Location: /path/to/content/welcome.html
  1. The client follows the redirect and issues a GET request to /path/to/content/welcome.html
  2. The matching servlet for this request is the DefaultServlet
  3. The AuthFilter is called, then the DefaultServlet (assuming you allow the chaining to work)
  4. The DefaultServlet detects that this is a file resource and returns its contents.

Your AuthFilter was called twice, once for step 3 and again for step 7.

Upvotes: 1

Related Questions