I am trying to use a Filter so I can authenticate users before they access the secured pages. Below is my Filter
package Filter;
import java.io.IOException;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
*
* @author Yohan
*/
public class LoginFilter_Level1 implements Filter {
private static final boolean debug = true;
// The filter configuration object we are associated with. If
// this value is null, this filter instance is not currently
// configured.
private FilterConfig filterConfig = null;
public LoginFilter_Level1() {
}
public void init(FilterConfig arg0) throws ServletException {}
public void doFilter(ServletRequest req, ServletResponse resp,FilterChain chain) throws IOException, ServletException
{
PrintWriter out=resp.getWriter();
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)resp;
HttpSession session = request.getSession(false);
if(session==null)
{
RequestDispatcher dispatch = request.getRequestDispatcher("index.jsp");
dispatch.forward(req, resp);
System.out.println("Executed 1");
}
else
{
System.out.println("Executed 2");
chain.doFilter(request,response);
}
}
public void destroy() {} ;
}
Below is my Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://ift.tt/nSRXKP" xmlns:xsi="http://ift.tt/ra1lAU" xsi:schemaLocation="http://ift.tt/nSRXKP http://ift.tt/1eWqHMP">
<filter>
<filter-name>LoginFilter_Level1</filter-name>
<filter-class>Filter.LoginFilter_Level1</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter_Level1</filter-name>
<url-pattern>/Populate_subUsers</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>DipslyHeaderDataHstrySrvlt</servlet-name>
<servlet-class>Controller.DipslyHeaderDataHstrySrvlt</servlet-class>
</servlet>
<servlet>
<servlet-name>SubUserSrvlt</servlet-name>
<servlet-class>Controller.subuser.SubUserSrvlt</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DipslyHeaderDataHstrySrvlt</servlet-name>
<url-pattern>/DipslyHeaderDataHstrySrvlt</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SubUserSrvlt</servlet-name>
<url-pattern>/SubUserSrvlt</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>
Below is how the users get signed out from the system.
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package Controller.login;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
*
* @author user
*/
@WebServlet(name = "LogoutSrvlt", urlPatterns =
{
"/LogoutSrvlt"
})
public class LogoutSrvlt extends HttpServlet
{
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/html;charset=UTF-8");
try
{
HttpSession session=request.getSession();
session.invalidate();
} finally
{
response.sendRedirect("index.jsp");
return;
}
}
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
processRequest(request, response);
}
/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
processRequest(request, response);
}
/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo()
{
return "Short description";
}// </editor-fold>
}
My expectation was to block the users from directly accessing the URLs and redirect them to the index page if they are already signed out. Which means, if the user enter the below URL, http://localhost:8080/App/Populate_subUsers, then he should be redirected to the index page.
However, instead of getting redirected, I get the below error.
Mar 03, 2015 12:09:50 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [Populate_subUsers] in context with path [/PatientApp] threw exception
java.lang.NullPointerException
at Controller.subuser.Populate_subUsers.processRequest(Populate_subUsers.java:47)
at Controller.subuser.Populate_subUsers.doGet(Populate_subUsers.java:91)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at Filter.LoginFilter_Level1.doFilter(LoginFilter_Level1.java:60)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Apart from that, System.out.println() in Filter prints the below.
Executed 2
That means the session is not destroyed at all, or else the filter got problems. How can I fix this?
Note: I used /Populate_subUsers to test by limiting the process to one servlet. Actually I want the same filter to work before all the servlets.
Aucun commentaire:
Enregistrer un commentaire