Authentication with Filters in JSP-Servlet


In Eclipse, create a Maven project

Click Next button to select Workspace Location for project

Click Next button to select Archetype for project

Click Next button and enter Project Information:

  • Group Id: LearnJSPServletWithRealApps
  • Artifact Id: LearnJSPServletWithRealApps
  • Package: com.demo

Click the Finish button to finish creating the Maven project




<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>LearnJSPServletWithRealApps</groupId>
	<artifactId>LearnJSPServletWithRealApps</artifactId>
	<!-- Packaged as a WAR and deployed to a servlet container. -->
	<packaging>war</packaging>
	<version>0.0.1-SNAPSHOT</version>
	<name>Learn JSP-Servlet with Real Apps</name>
	<url>http://maven.apache.org</url>
	<dependencies>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>3.8.1</version>
			<scope>test</scope>
		</dependency>
		<!-- JSTL API. None of the JSPs in this tutorial declares a taglib, so this
			dependency and the implementation below appear to be unused here. -->
		<dependency>
			<groupId>javax.servlet.jsp.jstl</groupId>
			<artifactId>javax.servlet.jsp.jstl-api</artifactId>
			<version>1.2.1</version>
		</dependency>
		<!-- NOTE(review): taglibs:standard 1.1.2 is a JSTL 1.1-era implementation and
			does not match the 1.2.1 API above. Either drop both JSTL dependencies, or
			pin a matching, currently maintained implementation and check the chosen
			version against published advisories before shipping. -->
		<dependency>
			<groupId>taglibs</groupId>
			<artifactId>standard</artifactId>
			<version>1.1.2</version>
		</dependency>
		<!-- Servlet API is supplied by the container at runtime, hence scope "provided". -->
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
			<version>3.1.0</version>
			<scope>provided</scope>
		</dependency>
	</dependencies>
	<build>
		<finalName>LearnJSPServletWithRealApps</finalName>
	</build>
</project>
<!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>
 	<!-- Only the welcome file is declared here; servlets and the admin filter are
 		registered through annotations in the Java classes. -->
 	<!-- NOTE(review): no session-config element is declared, so the session timeout
 		and the session cookie attributes used by the admin login come from the
 		container defaults. Confirm those defaults before reusing this setup. -->
 	<welcome-file-list>
 		<welcome-file>index.jsp</welcome-file>
 	</welcome-file-list>
</web-app>

Create a new JSP file named index.jsp in the src\main\webapp folder. This file forwards the request (a server-side forward, not a browser redirect) to DemoServlet as below:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
	pageEncoding="ISO-8859-1"%>
<jsp:forward page="demo"></jsp:forward>

Create new package named com.demo.user.servlets. In this package, create new Servlet named DemoServlet as below:

package com.demo.user.servlets;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Public demo endpoint mapped at {@code /demo}.
 *
 * <p>The mapping lies outside {@code /admin/*}, so no login is involved in
 * reaching it; a GET simply renders the demo JSP.
 */
@WebServlet("/demo")
public class DemoServlet extends HttpServlet {

	private static final long serialVersionUID = 1L;

	/**
	 * Renders the demo page.
	 *
	 * @param request  the incoming GET request
	 * @param response the response handed to the JSP
	 * @throws ServletException if the forward fails
	 * @throws IOException      if the forward fails on I/O
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Relative dispatcher path: the container resolves it against the current request path.
		final String view = "demo/index.jsp";
		request.getRequestDispatcher(view).forward(request, response);
	}

	/**
	 * Accepts POST requests without doing anything.
	 *
	 * @param request  the incoming POST request (unused)
	 * @param response the response (nothing is written to it here)
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Deliberately empty in this tutorial: no output is produced for POST.
	}

}




Create new folder named demo in src\main\webapp folder. In src\main\webapp\demo folder, create new JSP file named index.jsp as below:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
	pageEncoding="ISO-8859-1" isELIgnored="false"%>
<html>
<head>
<title>Demo Page</title>
</head>
<body>

	<h3>Demo Page</h3>

</body>
</html>

Create new package named com.demo.admin.servlets. In this package, create new Servlets as below:

In com.demo.admin.servlets package, create new Servlet named AccountServlet as below:

package com.demo.admin.servlets;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

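/**
 * Login / logout endpoint of the admin area, mapped at {@code /admin/account}.
 *
 * <p>GET shows the login form, or ends the session when {@code action=logout}
 * is passed. POST checks the submitted credentials and, on success, stores the
 * user name in the session attribute {@code "username"}, which is the marker
 * the admin filter looks for.
 */
@WebServlet("/admin/account")
public class AccountServlet extends HttpServlet {

	private static final long serialVersionUID = 1L;

	// Tutorial-only placeholder credentials. Real code must not keep credentials in
	// source: look the account up in a user store and verify the password against a
	// salted, slow password hash (bcrypt / scrypt / argon2).
	private static final String DEMO_USERNAME = "admin";
	private static final String DEMO_PASSWORD = "123";

	// Context-relative JSP locations, so the result does not depend on the request path.
	private static final String LOGIN_VIEW = "/admin/account/login.jsp";
	private static final String WELCOME_VIEW = "/admin/account/welcome.jsp";

	public AccountServlet() {
		super();
	}

	/**
	 * Shows the login form, or logs the user out when {@code action=logout}.
	 *
	 * @param request  the incoming GET request; the optional {@code action} parameter is read
	 * @param response used for the post-logout redirect
	 * @throws ServletException if forwarding to the login page fails
	 * @throws IOException      if forwarding or redirecting fails on I/O
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		String action = request.getParameter("action");
		if ("logout".equalsIgnoreCase(action)) {
			// getSession(false): do not create a session just to throw it away.
			HttpSession session = request.getSession(false);
			if (session != null) {
				// Invalidate the whole session instead of removing one attribute, so
				// nothing bound to the old login survives and the session id is retired.
				session.invalidate();
			}
			response.sendRedirect("account");
			return;
		}
		// No action, or an unknown one: show the login form rather than an empty response.
		request.getRequestDispatcher(LOGIN_VIEW).forward(request, response);
	}

	/**
	 * Handles the login form submission.
	 *
	 * @param request  the incoming POST request; {@code username} and {@code password} are read
	 * @param response the response handed to the JSP that is rendered
	 * @throws ServletException if forwarding fails
	 * @throws IOException      if forwarding fails on I/O
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		String username = request.getParameter("username");
		String password = request.getParameter("password");
		if (credentialsMatch(username, password)) {
			HttpSession session = request.getSession();
			// Issue a fresh session id at the moment of authentication so that an id
			// known before login cannot be reused afterwards (session fixation).
			request.changeSessionId();
			session.setAttribute("username", username.trim());
			request.getRequestDispatcher(WELCOME_VIEW).forward(request, response);
		} else {
			// Same message for unknown user and wrong password: no account enumeration.
			request.setAttribute("message", "Invalid Account");
			request.getRequestDispatcher(LOGIN_VIEW).forward(request, response);
		}
	}

	/**
	 * Checks the submitted credentials against the demo account.
	 *
	 * <p>A missing parameter is treated as a failed login instead of raising a
	 * {@link NullPointerException}. The user name is trimmed and compared
	 * case-insensitively; the password is compared exactly (no trimming, case-sensitive)
	 * and in constant time.
	 */
	private static boolean credentialsMatch(String username, String password) {
		if (username == null || password == null) {
			return false;
		}
		boolean userOk = DEMO_USERNAME.equalsIgnoreCase(username.trim());
		boolean passwordOk = java.security.MessageDigest.isEqual(
				password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
				DEMO_PASSWORD.getBytes(java.nio.charset.StandardCharsets.UTF_8));
		// Non-short-circuit '&': both comparisons always run.
		return userOk & passwordOk;
	}

}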

In com.demo.admin.servlets package, create new Servlet named ProductAdminServlet as below:

package com.demo.admin.servlets;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Admin product page, mapped at {@code /admin/product}.
 *
 * <p>This servlet performs no authentication check of its own; protection of
 * the {@code /admin/*} paths is left entirely to the filter mapped to them.
 */
@WebServlet("/admin/product")
public class ProductAdminServlet extends HttpServlet {

	private static final long serialVersionUID = 1L;

	/**
	 * Renders the admin product list page.
	 *
	 * @param request  the incoming GET request
	 * @param response the response handed to the JSP
	 * @throws ServletException if the forward fails
	 * @throws IOException      if the forward fails on I/O
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Relative dispatcher path: the container resolves it against the current request path.
		final String view = "product/index.jsp";
		request.getRequestDispatcher(view).forward(request, response);
	}

	/**
	 * Accepts POST requests without doing anything.
	 *
	 * @param request  the incoming POST request (unused)
	 * @param response the response (nothing is written to it here)
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Deliberately empty in this tutorial: no output is produced for POST.
	}

}

In com.demo.admin.servlets package, create new Servlet named NewsAdminServlet as below:

package com.demo.admin.servlets;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Admin news page, mapped at {@code /admin/news}.
 *
 * <p>This servlet performs no authentication check of its own; protection of
 * the {@code /admin/*} paths is left entirely to the filter mapped to them.
 */
@WebServlet("/admin/news")
public class NewsAdminServlet extends HttpServlet {

	private static final long serialVersionUID = 1L;

	/**
	 * Renders the admin news list page.
	 *
	 * @param request  the incoming GET request
	 * @param response the response handed to the JSP
	 * @throws ServletException if the forward fails
	 * @throws IOException      if the forward fails on I/O
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Relative dispatcher path: the container resolves it against the current request path.
		final String view = "news/index.jsp";
		request.getRequestDispatcher(view).forward(request, response);
	}

	/**
	 * Accepts POST requests without doing anything.
	 *
	 * @param request  the incoming POST request (unused)
	 * @param response the response (nothing is written to it here)
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Deliberately empty in this tutorial: no output is produced for POST.
	}

}




Create a new folder named admin in the src\main\webapp folder. In this folder, create new folders containing the JSP pages for the Admin servlets as below:

In src\main\webapp\admin folder, create new folder named account. In src\main\webapp\admin\account folder, create new JSP files as below:

In src\main\webapp\admin\account folder, create new JSP file named login.jsp as below:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
	pageEncoding="ISO-8859-1" isELIgnored="false"%>
<%-- Login form for the admin area; posts username/password to /admin/account. --%>
<html>
<head>
<title>Login Page</title>
</head>
<body>

	<h3>Login Page</h3>
	<%-- "message" is set by AccountServlet to a fixed string. A bare EL expression is
	     not HTML-escaped, so escape it if it ever carries request-derived text. --%>
	${message }
	<%-- NOTE(review): the form carries no anti-CSRF token, and the password is sent in
	     the POST body as-is, so the page needs HTTPS outside local testing. --%>
	<form method="post" action="${pageContext.request.contextPath }/admin/account">
		<table cellpadding="2" cellspacing="2">
			<tr>
				<td>Username</td>
				<td><input type="text" name="username"></td>
			</tr>
			<tr>
				<td>Password</td>
				<td><input type="password" name="password"></td>
			</tr>
			<tr>
				<td>&nbsp;</td>
				<td><input type="submit" value="Login"></td>
			</tr>
		</table>
	</form>

</body>
</html>

In src\main\webapp\admin\account folder, create new jsp file named welcome.jsp as below:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
	pageEncoding="ISO-8859-1" isELIgnored="false"%>
<%-- Page shown after a successful login; greets the user stored in the session. --%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Welcome Page</title>
</head>
<body>

	<h3>Welcome Page</h3>
	<%-- The session "username" is the text typed at login. A bare EL expression is not
	     HTML-escaped: harmless while only the demo account can log in, but it must be
	     escaped once user names come from a real user store. --%>
	Welcome ${sessionScope.username }
	<br>
	<%-- NOTE(review): logout is triggered by a plain GET link, so any page that makes
	     the browser fetch this URL logs the user out. --%>
	<a href="${pageContext.request.contextPath }/admin/account?action=logout">Logout</a>

</body>
</html>

In src\main\webapp\admin folder, create new folder named product. In src\main\webapp\admin\product folder, create new JSP files as below:

In src\main\webapp\admin\product folder, create new JSP file named index.jsp as below:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
	pageEncoding="ISO-8859-1" isELIgnored="false"%>
<html>
<head>
<title>Product List</title>
</head>
<body>

	<h3>Product List - Admin Panel</h3>

</body>
</html>

In src\main\webapp\admin folder, create new folder named news. In src\main\webapp\admin\news folder, create new JSP files as below:

In src\main\webapp\admin\news folder, create new JSP file named index.jsp as below:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
	pageEncoding="ISO-8859-1" isELIgnored="false"%>
<html>
<head>
<title>News List</title>
</head>
<body>

	<h3>News List - Admin Panel</h3>

</body>
</html>




Create new package named com.demo.filters. In this package, create new Filter named AdminFilter as below:

package com.demo.filters;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

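/**
 * Access gate for the admin area: applied to every request under {@code /admin/*}.
 *
 * <p>A request is let through when the session carries a {@code "username"}
 * attribute (set by the login servlet), or when it targets the login endpoint
 * itself. Every other request is answered with the login page.
 */
@WebFilter(filterName = "adminFilter", urlPatterns = { "/admin/*" })
public class AdminFilter implements Filter {

	/** Servlet path of the login endpoint, the only admin URL reachable without a login. */
	private static final String LOGIN_SERVLET_PATH = "/admin/account";

	/** Context-relative location of the login form shown to unauthenticated requests. */
	private static final String LOGIN_VIEW = "/admin/account/login.jsp";

	public AdminFilter() {
	}

	@Override
	public void destroy() {
	}

	/**
	 * Lets authenticated requests and the login endpoint pass; shows the login page otherwise.
	 *
	 * @param request  the incoming request, expected to be an HTTP request
	 * @param response the response passed on to the chain or to the login page
	 * @param chain    the remaining filter chain
	 * @throws IOException      if the chain or the forward fails on I/O
	 * @throws ServletException if the chain or the forward fails
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;

		// getSession(false): anonymous traffic must not cause a session to be allocated.
		HttpSession session = req.getSession(false);
		boolean loggedIn = session != null && session.getAttribute("username") != null;

		// Decide on the container-resolved servlet path with an exact match. The raw
		// request URI is not normalized and may carry path parameters, so a suffix test
		// on it can disagree with the servlet the container actually dispatches to.
		boolean loginEndpoint = LOGIN_SERVLET_PATH.equals(req.getServletPath());

		if (loggedIn || loginEndpoint) {
			chain.doFilter(request, response);
		} else {
			// Absolute (context-relative) path: the login page is found whatever admin URL was requested.
			req.getRequestDispatcher(LOGIN_VIEW).forward(request, response);
		}
	}

	@Override
	public void init(FilterConfig fConfig) throws ServletException {
	}

}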

Select project, right click and select Run As/Run on Server menu

Access DemoServlet with following urls as below:

  • http://localhost:8081/LearnJSPServletWithRealApps
  • http://localhost:8081/LearnJSPServletWithRealApps/demo

Output

Access ProductAdminServlet in Admin area with following url: http://localhost:8081/LearnJSPServletWithRealApps/admin/product without Session

Output

Access NewsAdminServlet in Admin area with following url: http://localhost:8081/LearnJSPServletWithRealApps/admin/news without Session

Output

Test with an invalid account (username: abc, password: 123)

Output

Test with the valid account (username: admin, password: 123). These are the demo credentials hard-coded in AccountServlet.

Output

Access ProductAdminServlet in Admin area with following url: http://localhost:8081/LearnJSPServletWithRealApps/admin/product with Session

Access NewsAdminServlet in Admin area with following url: http://localhost:8081/LearnJSPServletWithRealApps/admin/news with Session