Search code examples
javajakarta-eehttpurlconnectionform-authentication

HttpURLConnection skipping the FILTER in J2EE application

I am working on application, which is skipping the FILTERS configured in application while connecting to a http URL through code. One of the filters is UTF8Filter configured with URL pattern /*. Below is the code snippet of my URL connection.

String protocol = "http";
String port = "50000";
String host = "localhost";
URL url = new URL(protocol + "://" + host + ":" + port + path + "/"
        + fs + "_" + fsv + ".jspx?id=" + wid + "&rt=pdf");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.disconnect();
conn.setUseCaches(false);
conn.setDefaultUseCaches(false);
conn.setDoOutput(true);
if (jsessionid != null) {
    conn.addRequestProperty("Cookie", jsessionid.getName() + "="
            + jsessionid.getValue());
}
logger.info("Before connect....");
conn.connect();
logger.info("After connect...");
logger.info("get response code : " + conn.getResponseCode());//200

Below is the log captured from the application.

INFO GPBean:201 - Before connect....
INFO GPBean:203 - After connect...
INFO GPBean:207 - get response code : 200
--- It has skipped the filters. Request hasn't gone through the UTF8Filter.

Our application is using form based authentication. I see that there is some problem displaying the logon images, because its looking for those images in some other folder, not sure of this.

I have tried removing the authenticaion module and tested the application. It works fine.

Below is the log captured disabling the form based authentication.

19 Feb 2015 12:32:19,289  INFO GPBean:201 - Before connect....
19 Feb 2015 12:32:19,292  INFO GPBean:203 - After connect...
19 Feb 2015 12:32:19,363  INFO UTF8Filter:38 - In UTF8Filter class, doFilter() method...
19 Feb 2015 12:32:19,365  INFO UTF8Filter:41 - In UTF8 Filter, Filtering the request
-----some other log messages
19 Feb 2015 12:32:27,017  INFO GPBean:207 - get response code : 200

At this point, I am not sure to decide if the problem is with FORM Based authentication or with HTTPUrl connection code or some other configuration. Any help is appreciated.

UPDATE: As requested, I am updating with the fragment of my web.xml

   <filter>
      <filter-name>RF</filter-name>
      <filter-class>com.srk.filters.RF</filter-class>
   </filter>
   <filter>
      <filter-name>UTF8Filter</filter-name>
      <filter-class>com.srk.filters.UTF8Filter</filter-class>
      <init-param>
         <param-name>encoding</param-name>
         <param-value>UTF-8</param-value>
      </init-param>
   </filter>
   <filter-mapping>
      <filter-name>RF</filter-name>
      <servlet-name>Persistent Faces Servlet</servlet-name>
   </filter-mapping>
   <filter-mapping>
      <filter-name>RF</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
   </filter-mapping>
   <filter-mapping>
      <filter-name>UTF8Filter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>
   <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>0</load-on-startup>
   </servlet>
   <servlet>
      <servlet-name>Persistent Faces Servlet</servlet-name>
      <servlet-class>com.icesoft.faces.webapp.xmlhttp.PersistentFacesServlet</servlet-class>
      <load-on-startup>0</load-on-startup>
   </servlet>
   <servlet>
      <servlet-name>Blocking Servlet</servlet-name>
      <servlet-class>com.icesoft.faces.webapp.xmlhttp.BlockingServlet</servlet-class>
      <load-on-startup>0</load-on-startup>
   </servlet>
   <servlet>
      <servlet-name>uploadServlet</servlet-name>
      <servlet-class>com.icesoft.faces.component.inputfile.FileUploadServlet</servlet-class>
      <load-on-startup>0</load-on-startup>
   </servlet>
   <servlet-mapping>
      <servlet-name>Persistent Faces Servlet</servlet-name>
      <url-pattern>*.faces</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>Persistent Faces Servlet</servlet-name>
      <url-pattern>*.jspx</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>Persistent Faces Servlet</servlet-name>
      <url-pattern>*.iface</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>Persistent Faces Servlet</servlet-name>
      <url-pattern>/xmlhttp/*</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>Blocking Servlet</servlet-name>
      <url-pattern>/block/*</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>uploadServlet</servlet-name>
      <url-pattern>/uploadHtml</url-pattern>
   </servlet-mapping>
Solution

  • I think your Filter will not intercept the requests made by your code using HttpURLConnection as it's not in the scope of a Filter. A Filter can be configured at a container (your tomcat server) level to intercept requests fired using Container API something like RequestDispatcher's forward() (or) include(). Basically a JAVA EE6 filter can be configured in web.xml with following <dispatcher> types

    • REQUEST: Only when the request comes directly from the client
    • ASYNC: Only when the asynchronous request comes from the client
    • FORWARD: Only when the request has been forwarded to a component
    • INCLUDE: when the request is being processed by a component that has been included
    • ERROR: Only when the request is being processed with the error page mechanism