Web Filter blocking RichFaces

Question

I create a filter and it works fine but my richfaces doesn't work correctly anymore, here is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">
    <display-name>SuaParte</display-name>
    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>

    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>

    <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>server</param-value>
    </context-param>

    <context-param>
        <param-name>org.richfaces.SKIN</param-name>
        <param-value>blueSky</param-value>
    </context-param>

    <context-param>
        <param-name>org.richfaces.CONTROL_SKINNING</param-name>
        <param-value>enable</param-value>
    </context-param>

    <filter>
        <display-name>RichFaces Filter</display-name>
        <filter-name>richfaces</filter-name>
        <filter-class>org.ajax4jsf.Filter</filter-class>
    </filter> 

    <filter-mapping> 
       <filter-name>richfaces</filter-name> 
       <servlet-name>Faces Servlet</servlet-name>
       <dispatcher>REQUEST</dispatcher>
       <dispatcher>FORWARD</dispatcher>
       <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>

    <context-param>
        <param-name>com.sun.faces.disableVersionTracking</param-name>
        <param-value>true</param-value>
    </context-param>

    <context-param>
        <param-name>javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL</param-name>
        <param-value>true</param-value>
    </context-param>


    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>filter.LoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
</web-app>

I also try the @BalusC suggestion here, changing the web.xml to:

<filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/secured/*</url-pattern>
</filter-mapping>

And change the *.xhtml files to a secured folder :

But this way the filter doesn't work anymore.

How can I make the richfaces work with my filter ?

Answer 1

RichFaces resources are also passed through the FacesServlet and thus also through your security filter. You need to add an extra if check to bypass resource requests (read: CSS/JS/image requests done by <h:outputStylesheet>, <h:outputScript>, <h:graphicImage>, etc, either explicitly declared in markup or implicitly added by JSF/RichFaces).

String uri = ((HttpServletRequest) request).getRequestURI();

// Ignore JSF2/RF4 resources (which are also mapped on FacesServlet).
if (uri.startsWith(ResourceHandler.RESOURCE_IDENTIFIER) || uri.startsWith(ResourceHandlerImpl.RICHFACES_RESOURCE_IDENTIFIER)) {
    chain.doFilter(request, response);
    return;
}

// ...

with

import javax.faces.application.ResourceHandler;
import org.richfaces.resource.ResourceHandlerImpl;

As to why your /secured/* mapping doesn't work is because you've one extra /pages path there in your folder structure. The filter should then be mapped on /pages/secured/*.