'Unauthorization/authorization fails to Java Servlet Filters
I have problems with an authotization filter The problems is that it's unauthorizing even when the user is logged
There is the patterns:
@WebServlet(urlPatterns = {"/signin", "/login", "/create", "/list_patients", "/update_patient", "/delete_patient", "/logout"})
When the user login into app:
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession();
session.setAttribute("isloged", userlg);
And in the filter: the patterns I catch:
@WebFilter(urlPatterns = {"/create", "/list_patients"})
The method do Filter:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession();
UserLoged loged = (UserLoged) session.getAttribute("isloged");
if(loged==null) {
System.out.println("Unauthozized - There is no session active");
req.getRequestDispatcher("403.html").forward(request, response);
} else {
System.out.println("Authorized");
chain.doFilter(request, response);
}
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|