Menu
I have a basic application filter config that looks like this:
@Configuration
public class ApplicationFilterConfig {
/**
* Check if user is logged in
*/
@Bean
public FilterRegistrationBean applicationFilterRegistration() {
// created a collections that need logins to be validated.
ArrayList<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/home");
urlPatterns.add("/about");
urlPatterns.add("/contact");
// ...
LoginFilter loginFilter = new LoginFilter();
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(loginFilter);
registration.setUrlPatterns(urlPatterns);
registration.setOrder(1);
return registration;
}
}
However, the list urlPatterns grows to be very long, even when using the star annotation (e.g. /employees/*). The main reason why I don't just use /* is because I don't want to require login validation for my login page. If I did, it'd create an infinite loop of redirects.
Does the FilterRegistrationBean class allow you to apply a filter to all URL patterns except certain patterns?
I could put everything except the login page in a directory and set my URL pattern to be /subdirectory/* but that adds an unnecessary level of depth to every file in my webapp.
653
The solution for excluding URLs from a third-party filter is to wrap it with a new custom filter which just adds the exclude functionality and delegates the filter logic to the wrapped class. // Forward the request to the next filter or servlet in the chain.
Securing the URLs The most common methods are: authenticated(): This is the URL you want to protect, and requires the user to login. permitAll(): This is used for URL's with no security applied for example css, javascript. hasRole(String role): Restrict to single role.
FilterRegistrationBean registers a Filter as Spring bean and it provides methods to add URL mappings, set Filter order etc. When we register a Filter using Spring @Component , we can set Filter order using Spring @Order annotation but there is no way to change default URL mappings in this case.
FilterRegistrationBean doesnot provide(atleast until now) any method to exclude URL patterns. But it can be taken care from from Filter implementation(in this case its LoginFilter). Implement LoginFilter by extending OncePerRequestFilter which has a method called shouldNotFilter() which can be overriden to suit your needs.
public class LoginFilter extends OncePerRequestFilter {
private List<String> excludeUrlPatterns = new ArrayList<String();
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException
{
// Implementation....
}
@Override
protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException
{
// Populate excludeUrlPatterns on which one to exclude here
}
}
For more details you can follow this link
153
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With