I am using a Servlet Filter in my JSF application. I have three groups of Web pages in my application, and I want to check Authentication for these pages in my Servlet Filter:
my Folders
/Admin/ *.xhtml
/Supervisor/*.xhtml
/Employee/*.xhtml
and I am writing web.xml like
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.ems.admin.servlet.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/Employee/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/Admin/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/Supervisor/*</url-pattern>
</filter-mapping>
but requests like
http://localhost:8080/EMS2/faces/Html/Admin/Upload.xhtml
are not entering into Filter.
I have to provide security to these 3 folders.
How to solve this problem ?
If an URL pattern starts with /, then it's relative to the context root. The /Admin/* URL pattern would only match pages on http://localhost:8080/EMS2/Admin/* (assuming that /EMS2 is the context path), but you have them actually on http://localhost:8080/EMS2/faces/Html/Admin/*, so your URL pattern never matches.
You need to prefix your URL patterns with /faces/Html as well like so:
<url-pattern>/faces/Html/Admin/*</url-pattern>
You can alternatively also just reconfigure your web project structure/configuration so that you can get rid of the /faces/Html path in the URLs so that you can just open the page by for example http://localhost:8080/EMS2/Admin/Upload.xhtml.
Your filter mapping syntax is all fine. However, a simpler way to specify multiple URL patterns is to just use only one <filter-mapping> with multiple <url-pattern> entries:
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/faces/Html/Employee/*</url-pattern>
<url-pattern>/faces/Html/Admin/*</url-pattern>
<url-pattern>/faces/Html/Supervisor/*</url-pattern>
</filter-mapping>