Learn Servlet-JSP By Building A Social Network Website — Part IX

Sera Ng.
Tech Training Space
Oct 29, 2020

Learn how to use the filter technique to authenticate incoming requests

Task 13: Using a Filter for authentication checking

In the previous task, we used sessions to keep track of whether a user has logged in to our system.

Let’s take a look at the code we have used in the NewsFeedController servlet to verify that a user has already authenticated:

And in the ProfileController servlet:

As you may have noticed, the check for an already logged-in account:

sess.getAttribute(Keys.USER) != null

is repeated many times. Not to mention that, in reality, the authentication code can be much more complicated than just checking a session attribute.

What if we have 10 more pages that require users to be authenticated? We would need to duplicate the above code on each of those 10 pages.

To avoid code duplication, we can use a Filter to handle the authentication check.

Step 1:

Create a new key in the Keys class as follows:

We will use this new variable as the key under which we store the URL the user tried to access, so that once the user has logged in, we can redirect back to that URL for convenience.

Step 2:

In the package net.learnbyproject.filters, create a filter called RequiredLoginFilter with the following implementation:

In the filter, we have 2 URL patterns:

@WebFilter(urlPatterns = {"/profile", "/newsfeed"})

That means the filter will intercept requests matching those 2 URL patterns. The filter ignores all other requests.

The code for verifying authenticated users is similar to the one we had, with these additions:

String currentUrl = httpServletRequest.getRequestURL().toString();
session.setAttribute(Keys.CURRENT_URL, currentUrl);

If the user has not logged in, we store the requested URL in the session under the key Keys.CURRENT_URL, so that once the user has signed in successfully, we can redirect to that stored URL.
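The filter described in this step, written out as an added example; it is not the author's original listing. Assumptions: the javax.servlet API, a login page mapped at /login, and the stand-in Keys constants, whose values are made up here.

```java
package net.learnbyproject.filters;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Stand-in for the project's Keys class so this file compiles alone; values are assumed.
final class Keys {
    static final String USER = "user";
    static final String CURRENT_URL = "currentUrl";
}

@WebFilter(urlPatterns = {"/profile", "/newsfeed"})
public class RequiredLoginFilter implements Filter {
    // Assumed path of the login page, relative to the context root.
    private static final String LOGIN_PATH = "/login";

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        // getSession(false): do not create a session just to test for a login.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null && session.getAttribute(Keys.USER) != null) {
            chain.doFilter(request, response); // authenticated: continue to the servlet
            return;
        }

        // Not logged in: remember the requested URL server-side, then send to login.
        // Note that getRequestURL() does not include the query string.
        String currentUrl = httpServletRequest.getRequestURL().toString();
        httpServletRequest.getSession(true).setAttribute(Keys.CURRENT_URL, currentUrl);
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + LOGIN_PATH);
    }

    @Override
    public void destroy() { }
}
```

Because the return URL is kept in the session rather than passed as a parameter on the login link, the post-login redirect target is not read from a user-editable request parameter.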

Step 3:

Now let’s open the LoginController servlet

The current code in the processRequest() method is as follows:

As you can see, when the user has signed in, we always redirect to the news feed page, which is not a user-friendly experience.

Now, let’s update the above code as follows:

I added code to check whether Keys.CURRENT_URL is null, which means the user did not access any URL previously; in that case, the user is redirected to the news feed page.

Otherwise, the user will be redirected to the previously accessed URL.

Now it’s time to remove the authentication-checking code.

Step 4:

Let’s open the NewsFeedController servlet, and update the code in the processRequest() method as follows:

As you can see, we now can get rid of the logged-in checking code, and that makes our controller code much cleaner.

Next, let’s open the NewsFeedController servlet, and update the code in the processRequest() method as follows:

It’s time to test our web application.

Don’t forget to clean and build your project first.

And if you run your web application, you should have the same result as before.
