Before I start: I've checked a lot of tutorials and a lot of questions on Stack Overflow, but none of them seemed to give me what I wanted. Here is my problem:
I have a class, User, and three others that extend User: admin, recruteur and candidat.
What I did (and what I've found in all the tutorials and questions here) is to put a filter in place for when the user logs in: if he is logged in he can view the folder secured/*, but if not, he is redirected to login.xhtml.
Now what I want is to add the other folders, so that an admin can access only the admin folder and the secured folder, a recruteur can access only the secured folder and the recruteur folder, etc.
For now I've put adminFolder, recruterFolder and candidatFolder inside securedFolder, but I couldn't manage to restrict access to the subfolders. Here is the code of my filter:
//user=member
/**
 * Lets a request continue down the chain when the caller is logged in, or when the
 * request targets the login page or a JSF resource; every other request is redirected
 * to the login page.
 *
 * <p>"Logged in" means only that an existing session holds a non-null {@code membre}
 * attribute. No role is checked here, so any logged-in user passes this filter.
 *
 * @param req   incoming request, cast to {@link HttpServletRequest}
 * @param resp  outgoing response, cast to {@link HttpServletResponse}
 * @param chain remaining filters and the target resource
 * @throws IOException      if the redirect or the downstream chain fails on I/O
 * @throws ServletException if the downstream chain fails
 */
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) req;
    final HttpServletResponse httpResponse = (HttpServletResponse) resp;

    // getSession(false) never creates a session, so anonymous visitors stay session-less.
    final HttpSession existingSession = httpRequest.getSession(false);
    final String loginPage = httpRequest.getContextPath() + "/index.xhtml";
    final String requestedUri = httpRequest.getRequestURI();

    final boolean authenticated =
            existingSession != null && existingSession.getAttribute("membre") != null;

    // NOTE(review): getRequestURI() is the path as the client sent it (the container does
    // not decode it), so the two exemptions below are string matches on unnormalised input.
    // If this filter is mapped only to the protected folder, confirm they are needed at all.
    final boolean isLoginPage = requestedUri.equals(loginPage);
    final boolean isJsfResource = requestedUri.startsWith(
            httpRequest.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);

    if (!authenticated && !isLoginPage && !isJsfResource) {
        httpResponse.sendRedirect(loginPage);
        return;
    }
    chain.doFilter(httpRequest, httpResponse);
}
Create another filter (the same as yours, except that it checks the session's "role" attribute instead):
import java.io.IOException;
import javax.faces.application.ResourceHandler;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
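/**
 * Servlet filter that lets a request through only when the current session carries the
 * required role in its {@code role} attribute.
 *
 * <p>The required role defaults to {@code "Candidat"}. It can be overridden per filter
 * declaration with an {@code <init-param>} named {@code role}, so the same class can
 * protect several role-specific folders without being copied.
 *
 * <p>Requests for the login page and for JSF resources are let through regardless of
 * role. Every other request without the required role is redirected to the login page;
 * this includes users who are logged in with a different role.
 */
public class SecuredRoleFilter implements Filter {

    /** Session attribute that holds the role name of the logged-in user. */
    private static final String ROLE_ATTRIBUTE = "role";

    /** Name of the optional filter init-param that overrides the required role. */
    private static final String ROLE_INIT_PARAM = "role";

    /** Role required when the filter declaration supplies no init-param. */
    private static final String DEFAULT_ROLE = "Candidat";

    /** Role a session must carry to pass this filter instance; set once in init. */
    private String requiredRole = DEFAULT_ROLE;

    /**
     * Reads the optional {@code role} init-param. A missing or blank value keeps the
     * default role.
     *
     * @param arg0 filter configuration supplied by the container
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        String configured = (arg0 == null) ? null : arg0.getInitParameter(ROLE_INIT_PARAM);
        if (configured != null && !configured.trim().isEmpty()) {
            requiredRole = configured.trim();
        }
    }

    /**
     * Continues the chain when the session has the required role, or when the request
     * targets the login page or a JSF resource; otherwise redirects to the login page.
     *
     * @param req   incoming request, cast to {@link HttpServletRequest}
     * @param resp  outgoing response, cast to {@link HttpServletResponse}
     * @param chain remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        // getSession(false) never creates a session for an anonymous visitor.
        HttpSession session = request.getSession(false);
        String loginURI = request.getContextPath() + "/index.xhtml";

        // Call equals on the known-non-null required role. A session that exists but has
        // no "role" attribute is then denied, instead of throwing a NullPointerException.
        boolean hasRequiredRole =
                session != null && requiredRole.equals(session.getAttribute(ROLE_ATTRIBUTE));

        // NOTE(review): getRequestURI() is the path as the client sent it (the container
        // does not decode it), so these exemptions are string matches on unnormalised
        // input. When the filter is mapped only to a role folder, confirm that they are
        // needed; getServletPath()/getPathInfo() give the container-decoded path instead.
        String requestURI = request.getRequestURI();
        boolean loginRequest = requestURI.equals(loginURI);
        boolean resourceRequest = requestURI.startsWith(
                request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);

        if (hasRequiredRole || loginRequest || resourceRequest) {
            chain.doFilter(request, response);
        } else {
            response.sendRedirect(loginURI);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}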
Now register both filters in web.xml:
<!-- Login filter: applied to every URL under /secured/.
     NOTE(review): presumably ConxFilter is the login-check filter from the question; confirm. -->
<filter>
<filter-name>secured</filter-name>
<filter-class>packageName.ConxFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>secured</filter-name>
<url-pattern>/secured/*</url-pattern>
</filter-mapping>
<!-- Role filter: applied only to the candidat subfolder. A request for
     /secured/candidatFolder/* matches both url-patterns, and the container runs the
     matching filters in the order of their <filter-mapping> elements, so the login
     filter above runs before this role check. -->
<filter>
<filter-name>securedCandidat</filter-name>
<filter-class>packageName.SecuredRoleFilter</filter-class>
</filter>
<!-- No <dispatcher> element is declared, so both mappings cover only direct client
     requests (REQUEST). Server-side forwards and includes into these folders are not
     filtered. -->
<filter-mapping>
<filter-name>securedCandidat</filter-name>
<url-pattern>/secured/candidatFolder/*</url-pattern>
</filter-mapping>