Filter not functioning when used with omnifaces extensionless URLs

Question

I am using omnifaces extensionless URLS in my web application.

My web.xml is as below

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<context-param>
    <param-name>org.omnifaces.FACES_VIEWS_SCAN_PATHS</param-name>
    <param-value>/*.xhtml</param-value>
</context-param>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>
<welcome-file-list>
    <welcome-file>Login.xhtml</welcome-file>
</welcome-file-list>
</web-app>

My filter clas is as below

@WebFilter(filterName = "AuthFilter", urlPatterns = { "*.xhtml" })
public class AuthenticationFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    try {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        HttpSession ses = req.getSession(false);
        String reqURI = req.getRequestURI();
                    System.out.println(reqURI);
        if (reqURI.indexOf("/Login") >= 0 
                || (ses != null && ses.getAttribute("user") != null)
                || (reqURI.indexOf("/ForgotPassword") >=0)
                || reqURI.contains("javax.faces.resource")) {
            if ((reqURI.indexOf("/Login") >= 0 || (reqURI.indexOf("/ForgotPassword") >=0))
                    && (ses != null && ses.getAttribute("user") != null)) {
                                System.out.println("Invalidating session");
                ses.invalidate();
            }
            chain.doFilter(request, response);
        } else {
            res.sendRedirect(req.getContextPath() + "/Login");
        }
    } catch (Throwable t) {
        System.out.println(t.getMessage());
    }
} // doFilter
}

My requirement is that, if the user is logged in redirect him to all the pages except the Login and ForgotPassword pages. When the user is logged in and tries to access either of those pages, log him out and send him to the requested page. If the user is not logged in, all requests to Login and ForgotPassword pages should be allowed and access to any other page should redirect him to Login page.

The problem I am facing is that with the extensionless URLs, I can access a page with or without the .xhtml file extensions. The filter is invoked only when I access it using the extension. Without the extension, the filter is bypassed.

I am not sure what URL pattern to provide in the filter class to get it to process every request.

Kindly help.

Answer 1

Either, listen on all URLs:

@WebFilter(urlPatterns = "/*")

or, attach it to the FacesServlet:

@WebFilter(servletNames = "Faces Servlet")

(note that this way the filter thus doesn't run when the URL doesn't hit the FacesServlet)