ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/sec/secdfrmx.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Example: Servlet filters</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h4><a name="secdfrmx"></a>Example: Servlet filters</h4>
<p>This example illustrates one use of servlet filters: performing pre-login and post-login processing during form login. See the <a href="codex.htm">Code example disclaimer</a> for legal information about this code example.</p>
<pre>// Servlet Filter source code: LoginFilter.java
/**
* A Servlet filter example: This example filters j_security_check and
* performs pre-login action to determine if the user trying to log in
* is in the revoked list. If the user is in revoked list, an error is
* sent back to the browser.
*
* This filter reads the revoked list file name from the FilterConfig
* passed to the init() method, then reads the revoked user list file and
* stores its entries in revokeList.
*
* When doFilter method is called, the user being logged in is checked
* to make sure that the user is not in the revoked User list.
*
*/
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
public class LoginFilter implements Filter {
// Filter configuration handed over by the container in init(); cleared in destroy().
protected FilterConfig filterConfig;
// Entries read from the revoked-users file by readConfig(); consulted by doFilter().
java.util.List revokeList;
/**
 * Called by the container when the filter is placed into service. Per the
 * original example notes, that happens the first time j_security_check is
 * invoked for the application (when a protected servlet is accessed).
 *
 * Stores the FilterConfig, creates an empty revoked-user list and fills it
 * through readConfig().
 *
 * @param filterConfig configuration supplied by the container
 * @throws ServletException declared by the Filter interface
 */
public void init(FilterConfig filterConfig) throws ServletException {
    // the list must exist before readConfig() appends to it
    revokeList = new java.util.ArrayList();
    this.filterConfig = filterConfig;
    readConfig();
}
/**
 * Called by the container when the filter is taken out of service; drops the
 * references to the revoked-user list and to the filter configuration.
 */
public void destroy() {
    revokeList = null;
    this.filterConfig = null;
}
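/**
 * Runs before the resource this filter is mapped to. Because the filter is
 * mapped to j_security_check, it sees the form-login POST before the
 * container authenticates the user.
 *
 * Pre-login step: the submitted {@code j_username} is compared with the
 * revoked-user list; on a match the request is answered with 401 and the
 * login is never attempted. Otherwise the request continues down the chain.
 *
 * Security notes for anyone adapting this example:
 * - The value checked is the raw, unauthenticated form parameter. It is
 *   compared after trimming and without regard to case, so that a different
 *   capitalisation or stray blank does not slip past the deny list. Other
 *   equivalent spellings (for example a distinguished name written with
 *   different spacing between components) are NOT recognised here.
 * - A deny list in a filter is a convenience layer only; the authoritative
 *   place to disable an account is the user registry itself.
 *
 * @param request  the incoming request; expected to be an HttpServletRequest
 * @param response the response; expected to be an HttpServletResponse
 * @param chain    remaining filters and, finally, j_security_check
 * @throws java.io.IOException if sending the error or the chain fails on I/O
 * @throws ServletException    if the chain reports a servlet error
 */
public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
        throws java.io.IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest)request;
    HttpServletResponse res = (HttpServletResponse)response;

    // pre login action: look at the name the client claims to be
    String username = req.getParameter(&quot;j_username&quot;);

    // revoked users never reach the authentication step
    if ( isRevoked(username) ) {
        res.sendError(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    // call next filter in the chain : let j_security_check authenticate user
    chain.doFilter(request, response);

    // post login action
}

/**
 * Tells whether the submitted user name matches an entry of the revoked
 * list, ignoring case and surrounding whitespace on both sides.
 */
private boolean isRevoked(String username) {
    if ( username == null ) {
        // no j_username parameter: nothing to match, as in the original check
        return false;
    }
    String candidate = username.trim();
    for ( java.util.Iterator it = revokeList.iterator(); it.hasNext(); ) {
        Object entry = it.next();
        if ( entry instanceof String ) {
            if ( candidate.equalsIgnoreCase(((String)entry).trim()) ) {
                return true;
            }
        }
    }
    return false;
}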
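/**
 * Loads the revoked-user list named by the {@code RevokedUsers} init
 * parameter into {@code revokeList}, one entry per non-blank line.
 *
 * The list is a security control, so a missing FilterConfig, a missing
 * parameter, a missing file or a read error is reported as a
 * ServletException instead of being ignored. Silently continuing would
 * leave {@code revokeList} empty or partial and let revoked users log in.
 * NOTE(review): confirm that the target container refuses requests for a
 * filter whose init() failed rather than skipping the filter.
 *
 * @throws ServletException if the list cannot be located or read completely
 */
private void readConfig() throws ServletException {
    if ( filterConfig == null ) {
        throw new ServletException(&quot;LoginFilter: no FilterConfig, cannot load revoked user list&quot;);
    }

    String filename = filterConfig.getInitParameter(&quot;RevokedUsers&quot;);
    if ( filename == null ) {
        throw new ServletException(&quot;LoginFilter: init parameter RevokedUsers is not set&quot;);
    }
    // The descriptor may wrap the value onto its own line; strip the
    // surrounding whitespace in case the container passes it through.
    filename = filename.trim();

    BufferedReader in = null;
    try {
        // NOTE(review): FileReader decodes with the platform default charset;
        // verify that this matches how the list file is written.
        in = new BufferedReader( new FileReader(filename) );
        String line;
        while ( (line = in.readLine()) != null ) {
            // trailing blanks or empty lines must not create entries that
            // can never match a submitted user name
            String entry = line.trim();
            if ( entry.length() != 0 ) {
                revokeList.add(entry);
            }
        }
    }
    catch (IOException ioe) {
        // covers FileNotFoundException as well as failures while reading
        throw new ServletException(&quot;LoginFilter: cannot read revoked user list &quot; + filename, ioe);
    }
    finally {
        if ( in != null ) {
            try {
                in.close();
            }
            catch (IOException ignored) {
                // the data has been read (or the failure already reported);
                // a close error on a read-only stream changes nothing
            }
        }
    }
}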
}</pre>
<p>This example shows a portion of the application deployment descriptor (web.xml) that lists the LoginFilter configuration and mapping to j_security_check:</p>
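<pre> &lt;filter id=&quot;Filter_1&quot;&gt;
&lt;filter-name&gt;LoginFilter&lt;/filter-name&gt;
&lt;filter-class&gt;LoginFilter&lt;/filter-class&gt;
&lt;description&gt;Performs pre-login and post-login operation&lt;/description&gt;
&lt;init-param&gt;
&lt;param-name&gt;RevokedUsers&lt;/param-name&gt;
&lt;!-- The value is wrapped onto its own line here; confirm that the container
     trims it, otherwise the file name handed to the filter includes the line breaks.
     Keep the list file writable by administrators only and outside any
     web-accessible content: whoever can edit it can un-revoke a user. --&gt;
&lt;param-value&gt;
/QIBM/UserData/WebASE51/ASE/<em>instance</em>/installedApps/<em>application</em>/revokedUsers.lst
&lt;/param-value&gt;
&lt;/init-param&gt;
&lt;/filter&gt;
&lt;filter-mapping&gt;
&lt;filter-name&gt;LoginFilter&lt;/filter-name&gt;
&lt;url-pattern&gt;/j_security_check&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;</pre>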
<p>Here is an example of the revoked user list file:</p>
<pre> user1
cn=user1,o=ibm,c=us
user99
cn=user99,o=ibm,c=us</pre>
</body>
</html>