Conditionally send redirect in Servlet filter after j_security_check

Similar Messages

• Providing redirects in Servlet filter

  Hi,
  I need to provide serverside redirects in Servlet filter.O tried the below code, But unable to do it.
  Is it possible to do such a thing.
  public void doFilter(ServletRequest req, ServletResponse res,
                 FilterChain chain) throws IOException, ServletException {
            logger.info("Start of RedirectFilter ");
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            String requestURI=request.getRequestURI();
            String domainURL=request.getServerName().toLowerCase();
            logger.info("domainName--"+domainName);
            String keywordToBeAppended=domainURL.replaceAll(domainName,"");
            logger.info("url--"+request.getRequestURI());
            logger.info("servername--"+request.getServerName());
            logger.info("keywordToBeAppended-"+keywordToBeAppended);
            String finalURL= request.getScheme()+"://"+domainURL+"/"+keywordToBeAppended+requestURI;
            logger.info("finalURL--"+finalURL);
            RequestDispatcher rd = request.getRequestDispatcher(finalURL);
            rd.forward(request, response);
            logger.info("End of RedirectFilter ");
            chain.doFilter(request, response);
       }

  There is technically a huge difference between "redirect" and "forward". You're doing here forwards. And because you continue the filter chain, you run into problems. You should do either a forward OR continuing the current request unchanged (through the filter chain) OR send a redirect. You cannot do one or more simultaneously.

• Changing init-param value for servlet filter after deployment

  Is it possible to change the <param-value> of a servlet filter's <init-param> for a deployed app through Weblogic Console? Can't seem to find a place in the console where this is exposed.
  The <init-param> of course is specified in web.xml as:
  <filter>
  <filter-name>foo</filter-name>
  <filter-class>bar</filter-class>
  <init-param>
  <param-name>name</param-name>
  <param-value>value</param-value>
  </init-param>
  </filter>

  Hi,
  U can use "Plan.xml" feature provided by WLS to change the Deployment Descriptor values without Editing Physically inside your WAR or EAR or JAR application.
  Please refer to:
  http://forums.oracle.com/forums/thread.jspa?threadID=1107834
  http://weblogic-wonders.com/weblogic/2009/12/16/updating-cookiename-using-plan-xml/
  http://weblogic-wonders.com/weblogic/2010/03/14/adding-workmanager-using-plan-xml-to-a-war-file/
  Thanks
  Jay SenSharma
  http://weblogic-wonders.com (Middleware Wonders Are Here)

• Is it possible to redirect in a filter After the doChain?

  Hello all,
  I have a filter configured...
    <filter>
      <filter-name>Hibernate Session Filter</filter-name>
      <filter-class>com.test.HibernateSessionFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>Hibernate Session Filter</filter-name>
      <url-pattern>/*</url-pattern>
      <dispatcher>REQUEST</dispatcher>
    </filter-mapping>... in my Web.xml file.
  I'm using this filter to implement the Hibernate "Session in View" notion. This is where a suitable interceptor (filter for me!) grabs the request /response on the way in and starts a hibernate session... then your servlets do whatever it is they do (which may/may not involve hibernate)... then on the way out the filter commits the transaction and closes the session.
  More can be read about this here...
  http://www.hibernate.org/43.html
  ... but the most interesting bit is really the filter itself:
  public class HibernateSessionRequestFilter implements Filter {
      private static Log log = LogFactory.getLog(HibernateSessionRequestFilter.class);
      private SessionFactory sf;
      public void doFilter(ServletRequest request,
                           ServletResponse response,
                           FilterChain chain)
              throws IOException, ServletException {
          try {
              log.debug("Starting a database transaction");
              sf.getCurrentSession().beginTransaction();
              // Call the next filter (continue request processing)
              chain.doFilter(request, response);
              // Commit and cleanup
              log.debug("Committing the database transaction");
              sf.getCurrentSession().getTransaction().commit();
          } catch (StaleObjectStateException staleEx) {
              log.error("This interceptor does not implement optimistic concurrency control!");
              log.error("Your application will not work until you add compensation actions!");
              // Rollback, close everything, possibly compensate for any permanent changes
              // during the conversation, and finally restart business conversation. Maybe
              // give the user of the application a chance to merge some of his work with
              // fresh data... what you do here depends on your applications design.
              throw staleEx;
          } catch (Throwable ex) {
              // Rollback only
              ex.printStackTrace();
              try {
                  if (sf.getCurrentSession().getTransaction().isActive()) {
                      log.debug("Trying to rollback database transaction after exception");
                      sf.getCurrentSession().getTransaction().rollback();
              } catch (Throwable rbEx) {
                  log.error("Could not rollback transaction after exception!", rbEx);
              // Let others handle it... maybe another interceptor for exceptions?
              throw new ServletException(ex);
      public void init(FilterConfig filterConfig) throws ServletException {
          log.debug("Initializing filter...");
          log.debug("Obtaining SessionFactory from static HibernateUtil singleton");
          sf = HibernateUtil.getSessionFactory();
      public void destroy() {}
  }This all works well except when there's a hibernate exception! When there is an exception I'd like to trap the error and redirect the user to an error page showing some text.. or do something informative. The comment in the sample code "// Let others handle it... " ain't very helpful!
  When I try to do a redirect/forward I get illegalStateExceptions (?because the response is already committed??) Is there some way I can manage the response being committed? I'm not very clear on how the header states/'response flush' actually happens. I've had a rummage here and see many similar posts, but they all seem to refer to redirection Before the doChain method... whereas I want to redirect after that method call.
  Thanks in advance for any advice.

  Nope! Not yet. I tried doing a simple ResponseWrapper (just to mess with the response output, inserting text here and there...
  import java.io.PrintWriter;
  import javax.servlet.ServletOutputStream;
  import javax.servlet.ServletRequest;
  import javax.servlet.ServletResponse;
  import javax.servlet.http.HttpServletResponse;
  import javax.servlet.http.HttpServletResponseWrapper;
  class HtmlResponseWrapper
  extends HttpServletResponseWrapper
    // A response must provide a PrintWriter and a ServletOutputStream.  So we
    // create new ones here, that uses our HtmlServletOutputStream instead of the
    // default ones...
    private PrintWriter printWriter;
    private HtmlServletOutputStream servletOutputStream;
    public HtmlResponseWrapper(
        ServletResponse servletResponse,
        ServletRequest request,
        String menuInsertMarker,
        String crumbInsertMarker)
    throws java.io.IOException
      // Run the constructor on HttpServletResponseWrapper
      super((HttpServletResponse) servletResponse);
      // Generate the appropriate ServletOutputStream/PrintWriter from the inbound
      // response...
      servletOutputStream = new HtmlServletOutputStream(
          servletResponse.getOutputStream(),
          request,
          menuInsertMarker,
          crumbInsertMarker);
      printWriter = new PrintWriter(servletOutputStream);
    public ServletOutputStream getOutputStream() throws java.io.IOException {
      return servletOutputStream;
    public PrintWriter getWriter() throws java.io.IOException {
      return printWriter;
  }... and that worked well. There's lots of examples of this kind of thing on the web. What I need to do now is understand when status changes, buffers get flushed etc. so I can override more than just the getOutputStream and getWriter methods, to keep my request alive until it gets back to the hibernate filter.
  Hoped to do it over Christmas... but maybe in the New Year!
  Once again - if anyone has any pointers - much appreciated!
  Rgds,
  T.

• Running a servlet after j_security_check

            I am using web.xml and FORM as my <auth-method> for security of my web app. What
            I was wondering if there was a way that after j_security_check does it's thing
            I could then have it call a servlet I created to do some extra security work.
            So A user clicks submit on the form, and is authenticated by j_security_check.
            Then when j_security_check is finished, I want my servlet to run.
            

  Regis,
  I assume you want to store the profile in the user's session. If so, you could leave everything as you have it (keep declarative security, j_security_check, etc.) and add a servlet filter to your application.
  The servlet filter you write will look for the profile in the session before the request actually gets to the requested page. If it's not there, the filter can grab the data and store it in the session. By the time the destination page is processed, the profile is in place.
  HTH,
  Mike

• Form based j_security_check with javax.servlet.Filter and some pesky images

  We have defined the web app to use Form based authentication. Some of the images internal to our application we would like to allow access without having to formally log into the system. In order to accomodate this we have created an javax.servlet.Filter where we strip off some parameters off of the end of the url to log them in.
  This works great for everything EXCEPT urls that are in <img src> tags. urls in these tags will never hit the filter. You can take the same url and place it in the browser and it will hit the filter. Its just urls in <img src> tags.
  The images cannot be moved to a public place, they must stay where they are.
  Does anyone know why the <img src> tag is doing this? It is fairly easy to replicate. Just use form based authentication, create a filter, and try to access an image from an img src tag.
  Be sure to clear your browser cache and try again if you think you have it working.
  Any security gods out there?
  Thanks,
  Mark

  Since nobody responded, I will tell you what we decided to do. For images, we use a servlet outside of the security wall that loads and streams an image back to the browser instead of a direct image url.
  So we do something like this:
  <img src="https:\\foo.com\Servlet\ImageDisplay?id=1234&user=23432">
  Then our servlet parses the params, finds and streams back the image, and instead of returning back "html\text" in the servlet, the servlet returns something like this:
  HttpServletResponse response = blah...
  BufferedImage bi = new BufferedImage("load in the image resource");
  try {
  response.setContentType("image/gif");
  ServletOutputStream out = response.getOutputStream();
  JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(out);
  encoder.encode(bi);
  catch (IOException ioe) {
  servlet.log("DrawMapAction: IO Exception encoding JPEG to ServletOutputStream.", ioe);
  }

• Request.setHeader in servlet filter

  Hi there,
  I am working on servlet filter to filter HttpServletRequest before sending it to the original servlet.
  The original servlet expects some content posted in the body of HttpServletRequest object.
  In my servlet filter, I need to modify this content (already done) and then doFilter to the origin.
  And here is the problem:
  The original servlet uses HTTP header's content-length value to read the entire content posted. But if I modify this content in my filter, it will never get correct content of the request.
  Unfortunately the original servlet is black boxed and there is no way to modify it.
  Is there any way to modify HTTP headers of HttpServletRequest in servlet filter?
  Thank you for any suggestions,
  mato_v

  Hum... ServletRequest.getHeader is read only, so you can't change them. There few solution you may try though:
  * Try create another wrapper instance of ServletRequest inside your filter and forward it to your black box servlet. You might have to wrote your own implementation to manipulate those Headers.
  * How about after you changed your data, redirect/post to your black box with the correct content? Use java.net.HttpURLConnection or a java Http client to do fancy posting if needed.
  Hope these helps.

• How to go back on page by not sending request to servlet

  Hello,
  I have create web application using JSP and servlets. When I press a button I send request to servlet and it redirects me to jsp page where the results are displayed, then in that page I press a button and go to other servlet which redirects me to other JSP.
  I want to make a button on the third JSP page to go back to second JSP page by not sending request to servlet. For e.g. in FireFox, I press back button and it takes me back. But I want that the same action like in firefox would work with my created button.
  How can I do that?
  Edited by: peliukasss on Sep 14, 2010 3:28 PM

  evnafets wrote:
  You wnat your created button to act the same as the "back" button in the browser?Yes, thats exactly what I need.
  Then all you need to do is invoke some javascript on it.
  After a quick google search, the most commonly suggested solution appears to be:
  onclick="history.go(-1)"
  Thanks for your reply.

• Servlet filter in JSP

  hi all,
  i am working with session and jsp, for session authentication i m using servlet filter , which work fine in IE but when i run it in WAP emulator it give null exception.
  i m using xhtml which run both in IE and WAP EMulator.
  i dont know y it is doing so.
  infact i m pushing a class in session, and when i access this class from session in 3rd page it give this null poitner exception.
  what could be reason behind it.
  Allah Hafiz

  Generally, the client used doesn't matter. In your case, however, it sorta does. Sessions are tracked via cookies. It your WAP client does not handle cookies then you will loose the session (regular web browsers like IE can be made to ignore cookies as well...).
  To fix it, use the String url = response.encodeURL("pagetogoto.html") method for ALL your links in the application. That is, everytime you send a redirect, do something like this:
  response.sendRedirect(response.encodeRedirectURL("someOtherPage.jsp"));When you create a link, use this:
  <a href="<%= response.encodeURL("someOtherPage.jsp")%>">Some Other Page</a>When you have a form, use:
  <form action="<%= response.encodeURL("someOtherPage.jsp")%>" ...>etc...
  This adds a session tracking id to the url if (and only if) the client does not allow cookies.

• Weblogic.utils.NestedRuntimeException when using javax.servlet.Filter

  IDE: JDev 10gR3.4 & JDev 11gR2.3
  ViewController technology: JSF/ADF Faces
  Example code flow:
  Run page2.jsf
  MyFilter intercepts request, checks for parameter on session.
  If parameter not null, goto page2.jsf
  Else redirect to page1.jsf
  page1.jsf has a button that sets the value on the session scope after clicking.
  In jdev 11gR2.3, I get an weblogic.utils.NestedRuntimeException after clicking the button on page1.jsf. This error does not occur in jdev 10gR3.5. Although the application continues to execute and proper info is displayed, I’m wondering why this occurs and also if I should be concerned. Has anyone experienced a similar issue when using javax.servlet.Filter in 11g?
  MyFilter code snipet:
      public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
          try {
              HttpServletRequest httpRequest = (HttpServletRequest)servletRequest;
              HttpServletResponse httpResponse = (HttpServletResponse)servletResponse;
              String redirect = httpRequest.getContextPath() + "/faces/page1.jsf"; //only difference here is 11g uses jsf, 10g uses jsp.
              String uri = httpRequest.getRequestURI().toString();
              Boolean mySessionAttribute = (Boolean)httpRequest.getSession().getAttribute("MYSESSIONATTRIBUTE");
              if (uri.endsWith(redirect) || mySessionAttribute != null) {
                  filterChain.doFilter(servletRequest, servletResponse);
              } else {
                  httpResponse.sendRedirect(redirect);
                  return;
          } catch (IOException e) {
              e.printStackTrace();
          } catch (ServletException e) {
              e.printStackTrace();
  page1.jsf/jsp
  <?xml version='1.0' encoding='UTF-8'?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <f:view xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html">
      <h:form id="f1">
          <h:commandButton value="Submit" id="cb1" action="#{Page1Bean.clicked}" type="submit"/>
      </h:form>
  </f:view>page2.jsf/jsp
  <?xml version='1.0' encoding='UTF-8'?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <f:view xmlns:f="http://java.sun.com/jsf/core" xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
      <af:document title="main.jsf" id="d1">
          <af:form id="f1">
              <af:outputText value="This is the main content" id="ot1"/>
          </af:form>
      </af:document>
  </f:view>Page1Bean.java
  public class Page1Bean {
      public void clicked() {       
          FacesContext context = FacesContext.getCurrentInstance();
          ExternalContext externalContext = context.getExternalContext();
          externalContext.getSessionMap().put("MYSESSIONATTRIBUTE", Boolean.TRUE);
          try {
              externalContext.redirect("/11gFilterExample-ViewController-context-root/faces/page2.jsf");
          } catch (IOException e) {
                  e.printStackTrace();
  }Full exception
  weblogic.utils.NestedRuntimeException: Cannot parse POST parameters of request: '/11gFilterExample-ViewController-context-root/faces/page1.jsf'
       at weblogic.servlet.internal.ServletRequestImpl$RequestParameters.mergePostParams(ServletRequestImpl.java:2144)
       at weblogic.servlet.internal.ServletRequestImpl$RequestParameters.parseQueryParams(ServletRequestImpl.java:2024)
       at weblogic.servlet.internal.ServletRequestImpl$RequestParameters.getQueryParams(ServletRequestImpl.java:1918)
       at weblogic.servlet.internal.ServletRequestImpl$RequestParameters.getParameter(ServletRequestImpl.java:1995)
       at weblogic.servlet.internal.ServletRequestImpl$RequestParameters.access$800(ServletRequestImpl.java:1817)
       at weblogic.servlet.internal.ServletRequestImpl.getParameter(ServletRequestImpl.java:804)
       at javax.servlet.ServletRequestWrapper.getParameter(ServletRequestWrapper.java:169)
       at org.apache.myfaces.trinidadinternal.context.external.ServletRequestParameterMap.getAttribute(ServletRequestParameterMap.java:43)
       at org.apache.myfaces.trinidadinternal.context.external.ServletRequestParameterMap.getAttribute(ServletRequestParameterMap.java:31)
       at org.apache.myfaces.trinidadinternal.context.external.AbstractAttributeMap.get(AbstractAttributeMap.java:73)
       at oracle.adfinternal.controller.state.ControllerState.getRootViewPortFromRequest(ControllerState.java:788)
       at oracle.adfinternal.controller.state.AdfcContext.initialize(AdfcContext.java:185)
       at oracle.adfinternal.controller.state.AdfcContext.initialize(AdfcContext.java:79)
       at oracle.adfinternal.controller.application.AdfcConfigurator.beginRequest(AdfcConfigurator.java:53)
       at org.apache.myfaces.trinidadinternal.config.GlobalConfiguratorImpl._startConfiguratorServiceRequest(GlobalConfiguratorImpl.java:562)
       at org.apache.myfaces.trinidadinternal.config.GlobalConfiguratorImpl.beginRequest(GlobalConfiguratorImpl.java:212)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:174)
       at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Caused by: java.net.SocketException: Connection reset
       at java.net.SocketInputStream.read(SocketInputStream.java:168)
       at weblogic.servlet.internal.PostInputStream.read(PostInputStream.java:177)
       at weblogic.servlet.internal.ServletInputStreamImpl.read(ServletInputStreamImpl.java:228)
       at weblogic.servlet.internal.ServletRequestImpl$RequestParameters.mergePostParams(ServletRequestImpl.java:2118)
       ... 39 more
  <UIXEditableValue> <_isBeanValidationAvailable> A Bean Validation provider is not present, therefore bean validation is disabled

  I dont believe that solution pertains to my case. clicked() is invoked from standard jsf page and the adf controller is not acquired yet. i put a couple of print statements in the filter and it seems that the doFilter is called twice! This is not the case when running in 10g.
              if (uri.endsWith(redirect) || mySessionAttribute != null) {
                  System.out.println("URI dofilter: "+uri);
                  filterChain.doFilter(servletRequest, servletResponse);
              } else {
                  System.out.println("URI sendRedirect: "+uri);
                  httpResponse.sendRedirect(redirect);              
              }11g weblogic console log:
  URI sendRedirect: /11gFilterExample-ViewController-context-root/faces/page2
  URI dofilter: /11gFilterExample-ViewController-context-root/faces/page1.jsf
  URI dofilter: /11gFilterExample-ViewController-context-root/faces/page1.jsf
  10g oc4j console log:
  13/01/07 15:48:13 URI sendRedirect: /10gFilterExample-ViewController-context-root/faces/page2.jsp
  13/01/07 15:48:13 URI dofilter: /10gFilterExample-ViewController-context-root/faces/page1.jsp
  I believe whatever thats causing this occur could be why the exception is thrown...

• Strange behavior when using servlet filter with simple index.htm

  I am new to J2EE development so please tolerate my ignorance. I have a web application that starts with a simple index.htm file. I am using a servlet filter throughout the website to check for session timeout, redirecting the user to a session expiration page if the session has timed out. When I do something as simple as loading the index.htm page in the browser, the .css file and one image file that are associated, or referenced in the file are somehow corrupted and not being rendered. How do I get the filter to ignore css and image files??? Thank you!!
  The servlet filter:
  import java.io.IOException;
  import javax.servlet.Filter;
  import javax.servlet.FilterChain;
  import javax.servlet.FilterConfig;
  import javax.servlet.ServletException;
  import javax.servlet.ServletRequest;
  import javax.servlet.ServletResponse;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  public class SessionTimeoutFilter implements Filter {
       String[] excludedPages = {"SessionExpired.jsp","index.htm","index.jsp"};
       String timeoutPage = "SessionExpired.jsp";
       public void destroy() {
       public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
            if ((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse)) {
                 HttpServletRequest httpServletRequest = (HttpServletRequest) request;
                 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
                 //httpServletResponse.setHeader("Cache-Control","no-cache");
                 //httpServletResponse.setHeader("Pragma","no-cache");
                 //httpServletResponse.setDateHeader ("Expires", 0);
                 String requestPath = httpServletRequest.getRequestURI();
                 boolean sessionInvalid = httpServletRequest.getSession().getAttribute("loginFlag") != "loggedIn";               
                 System.out.println(sessionInvalid);
                 boolean requestExcluded = false;
                 System.out.println(requestExcluded);
                 for (int i=0;i<excludedPages.length;i++){
                      if(requestPath.contains(excludedPages)){
                           requestExcluded = true;
                 if (sessionInvalid && !requestExcluded){
                      System.out.println("redirecting");
                      httpServletResponse.sendRedirect(timeoutPage);
            // pass the request along the filter chain
            chain.doFilter(request, response);
       public void init(FilterConfig arg0) throws ServletException {
            //System.out.println(arg0.getInitParameter("test-param"));
  The index.htm file (or the relevant portion)<HTML>
  <Head>
  <META http-equiv="Content-Style-Type" content="text/css">
  <LINK href="RTEStyleSheet.css" rel="stylesheet" type="text/css">
  <TITLE>Login</TITLE>
  </HEAD>
  <BODY>
  <FORM NAME="Login" METHOD="POST" ACTION="rte.ServletLDAP"><!-- Branding information -->
  <table width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
            <td width="30%" align="left"><img src="images/top_logo_new2.gif">
            </td>
            <td width="37%" align="center"></td>
            <td width="33%" align="right"></td>
       </tr>
  </table>
  My web.xml entry for the filter:     <filter>
            <description>
            Checks for a session timeout on each user request, redirects to logout if the session has expired.</description>
            <display-name>
            SessionTimeoutFilter</display-name>
            <filter-name>SessionTimeoutFilter</filter-name>
            <filter-class>SessionTimeoutFilter</filter-class>
            <init-param>
                 <param-name>test-param</param-name>
                 <param-value>this is a test parameter</param-value>
            </init-param>
       </filter>
       <filter-mapping>
            <filter-name>SessionTimeoutFilter</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
            <dispatcher>FORWARD</dispatcher>
       </filter-mapping>

  Hi,
  Try adding CSS files and images to the excluded Pages.

• Conditionally sending messages to multiple consumers

  How would I best accomplish this requirement?
  I have one system which produces messages
  Multiple systems may want to consume those messages
  I want the producer to be able to send messages conditionally
  In one instance perhaps I send same message to each consumer
  However in another case maybe I only want to send a message to consumers A and B
  It would be OK if I could flag certain messages to be for certain consumers, and then those consumers only retrieve those messages designated to them. However I dont think this is possible as any such flag the consumer would have to read once it actually consumes the message and reads it, I dont think there is any way for the queue to make that decision for them.
  So it sounds like what I need is a hybrid of point-to-point and publish-subscribe
  I want a universal way to conditionally send messages to one or more consumers, and the conditions are dynamic.
  Any suggestions?
  Must it be a PTP with separate queue for every application?

  lozina wrote:
  Interesting... message filters. I like it.
  So with this approach, I can send some messages to everyone, and other messages I can have tailored to specific subscribers?pretty much.
  But the subscriber does not actually have to "fetch" each message to determine if the message is meant for him or not, right? When using message filters this act at the queue, not at the client? Basically I want to avoid a client downloading 1,000 messages only to find out none of them are for him. unfortunately, that's probably up to the implementation. the implementation may choose to work that way (download every message and check it), or it may have a way of applying the filter at the server. however, the filters work only on the message properties, so the impl may be able to just get message headers and filter w/out getting the entire message. you'll have to test with the jms impl you are planning on using and see how that works.
  Thanks!
  [Edit] these are called Message Selectors right? yes.
  And looks like they are specified at the time the client looks up the queue in JNDI?yes, these are provided at subscription time.
  Now is this limited to publish-subscribe?no you can use selectors when subscribing to a queue as well. but, queues won't scale very well to lots of consumers (and are hard to manage with dynamic numbers of consumers).

• Servlet Filter - for WL 5.1 (sp10) ?

  Hello All,
  we use WL 5.1 (sp10), on S.O. AIX.
  We want to filter some JSP pages (depending on the user), like an "Servlet Filter"
  (not present in WL 5.1, only 6.1 or superior) controling the "authorization".
  We know the feature "UrlAcl", but is not good for us.
  We recompiled the class JspBase (in package weblogic.servlet.jsp), including the
  wanted aditional feature "Filter servlet"; We tested it and it is ok and no problens
  ocorred.
  Now we have three questions:
  1- Does exits another solution to the problem above (filtering some JSP depending
  on the user)?
  2- My solution is good enought ? It´s normal to recompile the "internal classes
  of the weblogic" ?
  3- We want to send an email direct to BEA , but we don´t find a "contact" or web-form
  to send this question to BEA; Anyone has this email / information ?

  Hello All,
  we use WL 5.1 (sp10), on S.O. AIX.
  We want to filter some JSP pages (depending on the user), like an "Servlet Filter"
  (not present in WL 5.1, only 6.1 or superior) controling the "authorization".
  We know the feature "UrlAcl", but is not good for us.
  We recompiled the class JspBase (in package weblogic.servlet.jsp), including the
  wanted aditional feature "Filter servlet"; We tested it and it is ok and no problens
  ocorred.
  Now we have three questions:
  1- Does exits another solution to the problem above (filtering some JSP depending
  on the user)?
  2- My solution is good enought ? It´s normal to recompile the "internal classes
  of the weblogic" ?
  3- We want to send an email direct to BEA , but we don´t find a "contact" or web-form
  to send this question to BEA; Anyone has this email / information ?

• Accessing Managed Session Bean in Servlet Filter

  I wrote a Servlet Filter to handle user authentication. Now I'm trying to access my Managed Session Bean in the filter in order to save the current user. Unfortunately the Session Bean is created after the Filter executes for the first time.
  I'm trying to access the Session Bean in this way:
  (SessionBean) FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get("sessionBean");
  In this case getExternalContext() is equals null.
  Is there any way to create the Session bean before the filter executes or any other ideas how to handle this?
  I already searched around the internet but couldnt figure out something.
  Thanks guys,
  Paul

  Ok, fixed it like this. Works perfect. JSF finds and uses the handmade Session Bean as well.
  if(request.getSession().getAttribute(BeanNames.SESSION_SCOPE_BEAN) == null) {
       SessionBean sessionBean = new SessionBean();
       request.getSession().setAttribute(BeanNames.SESSION_SCOPE_BEAN, sessionBean);
  }Thanks,
  Paul

• Managed session bean in servlet filter

  Hi,
  Is there a way to get hold of a managed bean with session scope in a servlet filter? The code below throws an error due to the fact that the faces context is null.
  FacesContext facesContext = FacesContext.getCurrentInstance();
  System.out.println("facesContext: " + facesContext); // shows that facesContext is null
  ApplicationFactory appFactory = ApplicationFactory)FactoryFinder.getFactory(FactoryFinder.APPLICATION_FACTORY);
  Application app = appFactory.getApplication();
  Object obj = app.createValueBinding("user").getValue(facesContext); //throws the error due to the null parameter
  Object obj2 = app.createValueBinding("user"); //results in a valid ValueBindingHere is the faces-config snippet for the managed bean:
  <managed-bean>
      <managed-bean-name>user</managed-bean-name>
      <managed-bean-class>biz.libereco.skemo.info.asl.beans.User</managed-bean-class>
      <managed-bean-scope>session</managed-bean-scope>
  </managed-bean>For the record, I am using JSF 1.0 Final.
  Thank you,
  Marcel

  wynton_0 wrote:
  Yes, there is a way to get hold of a managed bean with session scope in a servlet filter.
  See here:
  [http://wiki.apache.org/myfaces/AccessFacesContextFromServlet]
  and here:
  [how to access faces context and backing beans in a servlet filter|http://www.thoughtsabout.net/blog/archives/000033.html]
  This makes no utter sense. A JSF session scoped managed bean is under the hood just put as a HttpSession attribute with the managed bean name as key. Guess what, you can just access the HttpSession in Filter by ((HttpServletRequest) request).getSession() and then just call getAttribute() on it. If it isn't there yet, then just do a setAttribute() with a new instance.
  After I get User bean in my Servlet filter, I populate value to this bean, for example:
  user.setLanguage(request.getParameter("locale"));
  The User bean is in session scope. The User bean's language attribute suppose to be same in the whole session scope, but later on, I got null. My question is:
  how to keep this value in session scope?The the session was apparently invalidated/renewed or you manually removed the bean or replaced it by null.
  In the future, please don't resurrect old topics, just start a new topic for each independent problem/question.