Hi Guys,
I need to use filter for custom security implementation. Please refer the
SecurityFilter below for my filter implementation.
I am facing strange issue with @FormParam. Value of variables with
@FormParam does not get injected with the filter while it works fine without
filter.
I also observed that if I do not write any code in doFilterInternal method
like below, values gets injected fine.
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain chain) throws ServletException,
IOException {
chain.doFilter(request, response);
}
I am not getting any clue of what is wrong here. Please help.
public class SecurityFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain chain) throws ServletException,
IOException {
String url = request.getServletPath();
boolean valid = false;
int errorCode = -1;
UserSession session = null;
if (url.contains("secure")) {
valid = true; //Exclude login request from session token
requirement
}
else {
String sessionToken = request.getParameter("sessionToken");
String ip = request.getRemoteAddr();
if (sessionToken != null) {
session =
getRestSessionManager().getUserSessionBySessionKey(sessionToken);
}
errorCode = RestSecurityUtil.validate(sessionToken, ip,
session);
valid = (StatusConstants.COMMAND_OK == errorCode);
if(valid && getRestSessionManager().isSessionExpired(session)) {
errorCode = StatusConstants.INVALID_SESSION_TOKEN;
valid = false;
}
}
chain.doFilter(request, response);
}
}
Thanks,
Ashish