The init and destroy methods of this class do nothing, so they are
given empty bodies.
Chapter 5 – Servlet and JSP Filters 254
2. Filtering behavior in the doFilter method. This method forces
the client to directly invoke the requested resource by calling the
sendRedirect method. This setup will trigger the server's security
mechanism, preventing unauthorized access to the protected resource.
Because this filter is configured to intercept only the RequestDispatcher
and error page calls and we do not intend to let any such
requests pass, we never call the doFilter method of the FilterChain.
3. Configuration of security constraints, roles, and login mechanism.
Using the security-constraint element, we restrict
access to any resource inside the secure directory to users in the
executive role only. Using the security-role element, we
declare the executive role. Finally, using the login-config
element, we specify the type of user authentication as BASIC. See
Listing 5.26. For more details on defining security constraints, roles,
login mechanism, and associating usernames with passwords, see
Section 3.1 (Form-Based Authentication).
4. Registration with URLs that attempt to invoke a resource
inside the secure directory. First, the filter element associates
the name SecurityHolePlugFilter with the class
coreservlets.filters.SecurityHolePlugFilter. The filter-mapping
element uses the same url-pattern as the security-constraint
element (i.
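
A web.xml consistent with steps 3 and 4, given here as an added example rather than the book's Listing 5.26. The /secure/* pattern, the Servlet 2.4 descriptor version, and the realm name are assumptions; the filter name, filter class, executive role, and BASIC method come from the text above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- Step 4: register the filter class named in the text. -->
  <filter>
    <filter-name>SecurityHolePlugFilter</filter-name>
    <filter-class>coreservlets.filters.SecurityHolePlugFilter</filter-class>
  </filter>

  <!-- Same url-pattern as the security-constraint below (/secure/* is assumed).
       With no dispatcher elements a mapping covers REQUEST only; listing these
       three limits the filter to RequestDispatcher and error-page dispatches,
       so direct client requests never pass through it. -->
  <filter-mapping>
    <filter-name>SecurityHolePlugFilter</filter-name>
    <url-pattern>/secure/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>

  <!-- Step 3: only users in the executive role may request /secure/*. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure directory</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>executive</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Declare the role referenced by the auth-constraint. -->
  <security-role>
    <role-name>executive</role-name>
  </security-role>

  <!-- BASIC authentication; the realm name is a constructed placeholder. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example Realm</realm-name>
  </login-config>
</web-app>
```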