Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

redirect from servlet Filter

Posted on 2003-02-27
12
Medium Priority
?
6,492 Views
Last Modified: 2008-03-03
Hello,

I have problem in trying to redirect my incoming requests to an absolute URL from a Servlet Filter.

I have this filer:
  <filter>
    <filter-name>secureconnectionfilter</filter-name>
    <filter-class>cart.security.filter.SecureConnectionFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>secureconnectionfilter</filter-name>
    <servlet-name>securitytest</servlet-name>
  </filter-mapping>

I cannot use the request dispatcher because it forwards to a relative address in the same servlet context only:
RequestDispatcher rd = context.getRequestDispatcher(“/index”);
rd.forward(request, response);



so I want to use sendRedirect, like:

HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.sendRedirect(httpResponse.encodeRedirectURL("http://localhost:8080/cart/index.html"));

But it is not working, it ignores it without throwing any exception!

Any idea? Thank you in advance..

- Rabih
0
Comment
Question by:rabihy
  • 5
  • 5
  • 2
12 Comments
 
LVL 14

Expert Comment

by:kennethxu
ID: 8034211
don't call chain.doFilter(...) after sendRedirectURL().

if you need further explanation, please let us know and post your filter code here, thanks.
0
 

Author Comment

by:rabihy
ID: 8035750
I have already tried to eliminate chain.doFilter(...) and it didnt work.


here is the code:


public class SecureConnectionFilter
    implements Filter {
  private FilterConfig filterConfig = null;

  //Handle the passed-in FilterConfig
  public void init(FilterConfig config) throws ServletException {
    this.filterConfig = config;
  }

  //Process the request/response pair
  public void doFilter(ServletRequest request, ServletResponse response,
                       FilterChain filterChain)
      throws IOException, ServletException {
             
   
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    HttpSession session = httpRequest.getSession();

    ServletContext context = filterConfig.getServletContext();
   
    if (httpRequest.getScheme().equalsIgnoreCase("http")) {
      String origURL = httpRequest.getRequestURL().toString();
      StringBuffer newbURL = new StringBuffer(origURL);
      newbURL.insert(origURL.indexOf(":"), 's');
      String newURL = newbURL.toString();
      if (httpRequest.getQueryString() != null) {
        newURL = newURL + "?" + httpRequest.getQueryString();
      }
     
      //this cannot be written
      // RequestDispatcher rd = context.getRequestDispatcher("http://localhost:8080/cart/index.html");
      // rd.forward(request, response);
     
     
     
      //and this didnt work
        httpResponse.sendRedirect(httpResponse.encodeRedirectURL(
            "http://localhost:8080/cart/index.html"));
     
     
     
     

    } else {
      try {

          session.setAttribute("SECURITY_SIGN", "secured");

          filterChain.doFilter(request, response);
      }
      catch (ServletException sx) {
        filterConfig.getServletContext().log(sx.getMessage());
      }
      catch (IOException iox) {
        filterConfig.getServletContext().log(iox.getMessage());
      }

    }

  }
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8035852
try this:
public class SecureConnectionFilter
   implements Filter {
 private FilterConfig filterConfig = null;

 //Handle the passed-in FilterConfig
 public void init(FilterConfig config) throws ServletException {
   this.filterConfig = config;
 }

 //Process the request/response pair
 public void doFilter(ServletRequest request, ServletResponse response,
                      FilterChain filterChain)
     throws IOException, ServletException {
           
   
   HttpServletRequest httpRequest = (HttpServletRequest) request;
   HttpServletResponse httpResponse = (HttpServletResponse) response;
   HttpSession session = httpRequest.getSession();

   ServletContext context = filterConfig.getServletContext();
   
   if (httpRequest.getScheme().equalsIgnoreCase("http")) {
     String origURL = httpRequest.getRequestURL().toString();
     StringBuffer newbURL = new StringBuffer(origURL);
     newbURL.insert(origURL.indexOf(":"), 's');
     String newURL = newbURL.toString();
     if (httpRequest.getQueryString() != null) {
       newURL = newURL + "?" + httpRequest.getQueryString();
     }
     
     //this cannot be written
     // RequestDispatcher rd = context.getRequestDispatcher("http://localhost:8080/cart/index.html");
     // rd.forward(request, response);
     
     
     
     //and this didnt work
       response.sendRedirect(httpResponse.encodeRedirectURL(
           "http://localhost:8080/cart/index.html"));
     
     
     
     

   } else {
     try {

         session.setAttribute("SECURITY_SIGN", "secured");

         filterChain.doFilter(request, response);
     }
     catch (ServletException sx) {
       filterConfig.getServletContext().log(sx.getMessage());
     }
     catch (IOException iox) {
       filterConfig.getServletContext().log(iox.getMessage());
     }

   }

 }

use response instead of httpResponse.

CJ
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:rabihy
ID: 8036306
"response" is of type javax.servlet.ServletResponse which has no sendRedirect method.

so your solution does not work.

Thanks anyway..

- Rabih
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8036331
you are right.  My code I cast it as the same var.

Have you tried not encoding the URL.
 response.sendRedirect("http://localhost:8080/cart/index.html");

CJ
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8036337
if you have to encode URL params just encode those.

CJ
0
 

Author Comment

by:rabihy
ID: 8036490
yes, i have tried both, casting it to response and eliminating the encoding, and it didnt work!

-RAB
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 400 total points
ID: 8036790
try this:
public class SecureConnectionFilter
  implements Filter {
private FilterConfig filterConfig = null;

//Handle the passed-in FilterConfig
public void init(FilterConfig config) throws ServletException {
  this.filterConfig = config;
}

//Process the request/response pair
public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain filterChain)
    throws IOException, ServletException {
           
 
  HttpServletRequest httpRequest = (HttpServletRequest) request;
  HttpServletResponse httpResponse = (HttpServletResponse) response;
  HttpSession session = httpRequest.getSession();

  ServletContext context = filterConfig.getServletContext();
 
  if (httpRequest.getScheme().equalsIgnoreCase("http")) {
    String origURL = httpRequest.getRequestURL().toString();
    StringBuffer newbURL = new StringBuffer(origURL);
    newbURL.insert(origURL.indexOf(":"), 's');
    String newURL = newbURL.toString();
    if (httpRequest.getQueryString() != null) {
      newURL = newURL + "?" + httpRequest.getQueryString();
    }
   
    //this cannot be written
    // RequestDispatcher rd = context.getRequestDispatcher("http://localhost:8080/cart/index.html");
    // rd.forward(request, response);
   
   
   
    //and this didnt work
      httpResponse.sendRedirect("http://localhost:8080/cart/index.html");
   
   
      return;
   

  } else {
    try {

        session.setAttribute("SECURITY_SIGN", "secured");

        filterChain.doFilter(request, response);
    }
    catch (ServletException sx) {
      filterConfig.getServletContext().log(sx.getMessage());
    }
    catch (IOException iox) {
      filterConfig.getServletContext().log(iox.getMessage());
    }
    return;
  }

}

CJ
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8036889
that's strange, you code looks fine to me. are you sure that your mapping is correct and your filter is get called?

anyway, can you try out this code, it works for me:

import javax.servlet.*;

public class MyFilter implements Filter {
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
      throws java.io.IOException, ServletException
 {
   System.out.println( "my fileter is called" );
   ((javax.servlet.http.HttpServletResponse)response).sendRedirect("http://localhost:8080/cart/index.html");
 }

 public void init(FilterConfig filterConfig) {}
 public void destroy() {}
}

and make sure you see "my fileter is called" is printed in server log.
0
 

Author Comment

by:rabihy
ID: 8044413
Thanks for your help. Actually "return" was the solution, even though i have tried it before, but i eliminated everything between the sendDirect and the return, so it worked fine. Actually the problem was a combination of also other things, because i had, and still, problem when there is many recursive sendRedirect (not in the same chain, but in the same request)... anyway, it is resolved now in some kind of workaround.. thanks... R.
0
 

Author Comment

by:rabihy
ID: 8044416
Thanks for all of you..
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8044445
yeah the return; statement is needed to give control back.  the smallest stmt can cause problems y'know :-)

Glad I could help and Thanx for the "A"

CJ
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What happened when I tried to make my phone, a Samsung Galaxy S8, stop dropping all WiFi signals was a saga I won't repeat here, but what you might want to know is how it started and how I got it working again.
Often, the users face difficulty in accessing Outlook 2016 PST files on Windows 10 computer. One of the reasons behind it is the improper functioning of MS Outlook when the user tries to open it. MS Outlook suddenly stops working, or it will not op…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question