This is a Java servlet filter (as per Servlet API 2.3). This filter implements a well known generic approach for setting access restrictions in your web applications. And this approach is completely application servers/vendors independent. When the user login to the application, you can store an attribute in your session scope or add a special cookie. Then access restriction filter would intercept all the requests and verify the session content or cookie content. And if the verification results failed, filter forwards the user to your login page. This would prevent unauthorized user to access the jsp pages. How to use it: a) download accessflt.jar and save it in WEB-INF/lib b) describe this filter in web.xml. You may provide the following initial parameters:
for example:
<filter> <filter-name>AccessFilter</filter-name> <filter-class>com.cj.accessflt.AccessFilter</filter-class> <init-param> <param-name>attribute</param-name> <param-value>OK</param-value> </init-param> <init-param> <param-name>redirect</param-name> <param-value>/login.jsp</param-value> </init-param> <init-param> <param-name>except</param-name> <param-value>/login.jsp</param-value> </init-param> </filter> c) describe a mapping for this filter in web.xml. E.g.:
<filter-mapping> <filter-name>AccessFilter</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> in this example filter will be on for the each .jsp file. And now in this example filter will check attribute OK in session
scope for the each request. If session does not contain this attribute than filter
forwards request to /login.jsp. In your login.jsp you can do
so for example:
<% // define an attribute named OK in session scope session.setAttribute("OK","yes"); %> as an indication for "good" (accepted) users. And your login page itself will be excluded from this process. By the similar manner you can operate with cookies. For downloading: Access restriction filter: accessflt.jar
See also JSOS - the largest collection of servlets and filters.
|
Also in JSOS:
|