I'm taking over an existing Spring MVC project, and need to modify it's behavior, I added a servlet filter to intercept all incoming requests, some URLs of this app has the following format : http://example.com/SupportCenter/abc.html?token=some_token_value
I want to get the token value before anything else happens, but since this app has a security login page, if you are not logged in, and you try to get to the above URL, it will direct you to the login page at : http://example.com/SupportCenter/login.jsp
Therefore I won't be able intercept the incoming request url [ http://example.com/SupportCenter/abc.html ] and the token value, my app's web.xml looks like this :
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>Site_Filter</filter-name>
<filter-class>com.builders.support.center.ServletFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Site_Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>supportCenter</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>supportCenter</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>supportCenter</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>supportCenter</servlet-name>
<url-pattern>/newlogin</url-pattern>
</servlet-mapping>
...
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/fail_login.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>1</role-name>
</security-role>
<security-role>
<role-name>4</role-name>
</security-role>
The supportCenter-servlet.xml looks like this :
<?xml version="1.0" encoding="UTF-8"?>
<!-- - Application context definition for "SupportCenter" DispatcherServlet. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-2.5.xsd">
<context:component-scan base-package="com.XYZ.support.center.weblayer.springmvc.controllers"/>
<bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"/>
<bean id="supportCenterPropertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location">
<value>/WEB-INF/properties/web-site.properties</value>
</property>
</bean>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass">
<value>org.springframework.web.servlet.view.JstlView</value>
</property>
<property name="prefix">
<value>/WEB-INF/jsp/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<bean id="urlMapping"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="/main.html">mainFormController</prop>
<prop key="/login">mainFormController</prop>
<prop key="/newlogin">mainFormController</prop>
<prop key="/fail_login.html">failLoginViewController</prop>
<prop key="/login.html">loginFormController</prop>
<prop key="/changePassword.html">changePasswordFormController</prop>
<prop key="/forgotUsername.html">forgotUsernameFormController</prop>
<prop key="/forgotPassword.html">forgotPasswordFormController</prop>
...
</props>
</property>
</bean>
...
<bean id="mainFormController"
class="com.XYZ.support.center.weblayer.springmvc.controllers.MainFormController">
<property name="sessionForm">
<value>true</value>
</property>
<property name="commandName">
<value>commandBean</value>
</property>
<property name="commandClass">
<value>com.XYZ.support.center.weblayer.springmvc.command.beans.MainCommandBean</value>
</property>
<property name="formView">
<value>main</value>
</property>
<property name="successView">
<value>main.html</value>
</property>
<property name="bindOnNewForm">
<value>true</value>
</property>
<property name="equotesLink">
<value>${equotes.link}</value>
</property>
<property name="hotchkissAgencyBillPayLink">
<value>${payment.pay.site.hotchkiss}</value>
</property>
</bean>
...
<bean id="loginFormController"
class="com.XYZ.support.center.weblayer.springmvc.controllers.LoginFormController">
<property name="sessionForm">
<value>true</value>
</property>
<property name="commandName">
<value>commandBean</value>
</property>
<property name="commandClass">
<value>com.XYZ.support.center.weblayer.springmvc.command.beans.LoginCommandBean</value>
</property>
<property name="formView">
<value>login</value>
</property>
<property name="successView">
<value>j_security_check</value>
</property>
<property name="bindOnNewForm">
<value>true</value>
</property>
</bean>
...
</beans>
My filter looks like this :
public class ServletFilter implements Filter
{
String requestURI="",url="",queryString="",Token="";
public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse,FilterChain filterChain) throws IOException,ServletException
{
if (servletRequest instanceof HttpServletRequest)
{
requestURI=(HttpServletRequest)servletRequest.getRequestURI();
url=((HttpServletRequest)servletRequest).getRequestURL().toString();
queryString=((HttpServletRequest)servletRequest).getQueryString();
}
System.out.println(" [ Intercepted In ServletFilter = 0 ] requestURI = "+requestURI+" , url = "+url+" , queryString = "+queryString);
...
}
}
And the output of trying to reach [ /SupportCenter/abc.html?token=some_token_value ] looks like this :
Aug 13, 2014 6:26:05 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 54325 ms
[ JSP = 1 ] 1407968732269
[ JSP = 2 ] 1407968732677
[ Intercepted In ServletFilter = 0 ] requestURI = /SupportCenter/styles/loginForm.css , url = http://10.xx.5.2/SupportCenter/styles/loginForm.css , queryString = null
[ Intercepted In ServletFilter = 1 ] Token = null , url = http://10.xx.5.2/SupportCenter/styles/loginForm.css
[ queryString = null ]
[ Intercepted In ServletFilter = 0 ] requestURI = /SupportCenter/javascript/login.js , url = http://10.xx.5.2/SupportCenter/javascript/login.js , queryString = null
[ Intercepted In ServletFilter = 1 ] Token = null , url = http://10.xx.5.2/SupportCenter/javascript/login.js
[ queryString = null ]
[ Intercepted In ServletFilter = 0 ] requestURI = /SupportCenter/styles/header_ms.css , url = http://10.xx.5.2/SupportCenter/styles/header_ms.css , queryString = null
[ Intercepted In ServletFilter = 1 ] Token = null , url = http://10.xx.5.2/SupportCenter/styles/header_ms.css
[ queryString = null ]
As you can see, it reaches the JSP page first. What can I do so it hits the servlet filter first ? And even if there's no way it can reach the filter first, how to get the token value when it's redirected to the login.jsp ?
My 2nd question is : how to bypass the login.jsp all together ?
