LoginFilter

From Plex-XML
Jump to: navigation, search

Work in Progress

the optional LoginFilter is designated to check if a login is required for the current request. only webrequests defined with an Attribute "needlogin='false'" doesn't require an active user session. in this case the filter creates an anonymous session if needed. if a request requires a an active user session, it checks if there is an active session or automated login via a cookie can take place. if both cases are not true, the filter forwards the request to a login page - saving the original request URI. the login request should define a "FORWARD"-Reaction in case the login data has successfully validated. FORWARD-Reactions forwards to the formerly stored original request, if one was set

the Login Webrequest should have the attribut "needlogin='false'" otherwise you could get an endless loop

this filter works additive to any security constraints defined in the application. So if the request is secured by the application the user will still get an error message.

    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>de.allabout.basics.LoginFilter</filter-class>
        <init-param>
           <!-- Name of the login Request-->
           <param-name>loginRequest</param-name>
           <param-value>ValidateUserAjax</param-value> <!-- the value here is the default value if the parameter is no supplied -->
        </init-param>
        <init-param>
           <!-- Name of the Cookie which could supply the login data, so automated login can be done -->
           <param-name>rememberidCookieName</param-name>
           <param-value>rememberid</param-value> <!-- the value here is the default value if the parameter is no supplied -->
        </init-param>
        <init-param>
           <!-- same as in the servlet configuration --->
           <param-name>de.bodow.web.config</param-name>
           <param-value>/WEB-INF/request-config.xml</param-value>
        </init-param>
    </filter>

Personal tools