web.xml - Java Servlet Filters and WebSphere - URL Pattern issues

StackOverflow https://stackoverflow.com/questions/1879688

Question

So we are running a web application that has been tested on Tomcat, Glassfish, WebLogic and WebSphere. All run correctly except WebSphere. The issue is that filters are not processed for files under a certain directory.

For example I have a filter that checks the user's lanuage from browser cookies and another that get the user's username, in the web.xml there are configured like so:

<!-- ****************************** -->
<!-- * Security context filtering * -->
<!-- ****************************** -->

<filter>
    <filter-name>SetSecurityContextFilter</filter-name>
    <filter-class>
        com.test.security.SecurityContextServletFilter
    </filter-class>
</filter>

<!-- ****************************** -->
<!-- ** Locale context filtering ** -->
<!-- ****************************** -->

<filter>
    <filter-name>SetLocaleFilter</filter-name>
    <filter-class>
        com.test.locale.LocaleServletFilter
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>SetSecurityContextFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>SetLocaleFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Both filters set a static threadlocal variable which can be accessed from a static getter, but when the same file 'test.jsp' invokes the getters, under 'contextroot/js' they return the default values (as if unset) while under 'contextroot/pages' they are correct.

Any ideas?

Thanks in advance.

Was it helpful?

Solution

I have discovered what the problem was!

In my web.xml further down I have this:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Test Application</web-resource-name>
            <url-pattern>/pages/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
             ...
        </auth-constraint>
    </security-constraint>

If I change the URL pattern to '/*' so that every page under the context root requires a login, all filters are correctly run, all the time. This does however mean that my login page doesn't have access to any css files but that's another problem!

Cheers.

OTHER TIPS

Defining your login page as the form-login-page might help it get css resources as follows <form-login-config> <form-login-page>/Login.jsp</form-login-page>

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top