Servlet filter source code: LoginFilter.java
/**
* A servlet filter example: this example filters j_security_check and
* performs a pre-login action to determine whether the user trying to log in
* is on the revoked list. If the user is on the revoked list, an error is
* sent back to the browser.
*
* This filter reads the revoked list file name from the FilterConfig
* passed in the init() method. It reads the revoked user list file and
* creates a revokedUsers list.
*
* When the doFilter method is called, the user logging in is checked
* to make sure that the user is not on the revoked Users list.
*
*/
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
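/**
 * Servlet filter that runs in front of {@code j_security_check} and rejects a
 * login attempt when the submitted {@code j_username} is on a revoked-user list.
 *
 * <p>The list is loaded once, in {@link #init(FilterConfig)}, from the file named
 * by the {@code RevokedUsers} init parameter. Changes to that file are not picked
 * up until the filter is initialised again.
 *
 * <p>Security notes:
 * <ul>
 * <li>Loading is fail-closed. A missing init parameter, a missing file or a read
 *     error makes {@code init()} throw, so the filter never goes into service
 *     with an empty or partial list.</li>
 * <li>Matching is an exact, case-sensitive string comparison. NOTE(review): if
 *     the user registry accepts other spellings of the same account (different
 *     case, surrounding whitespace, short name versus full DN), list every
 *     accepted form or normalise both sides the way the registry does.</li>
 * <li>The filter only sees requests that the deployment descriptor routes
 *     through it. Treat it as a pre-check in front of form login, not as a
 *     replacement for disabling the account in the registry.</li>
 * </ul>
 *
 * <p>{@code revokeList} is filled during {@code init()} and only read afterwards,
 * so {@code doFilter()} does no locking.
 */
public class LoginFilter implements Filter {

    /** Configuration supplied by the container in init(); cleared in destroy(). */
    protected FilterConfig filterConfig;

    // Revoked user names, one per non-blank line of the configured file.
    // The raw List type is kept so the field's declared type stays unchanged.
    java.util.List revokeList;

    /**
     * Stores the filter configuration and loads the revoked-user list.
     *
     * @param filterConfig configuration carrying the {@code RevokedUsers} init parameter
     * @throws ServletException if the revoked-user list cannot be loaded completely
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        revokeList = new java.util.ArrayList();
        readConfig();
    }

    /**
     * Releases the configuration and the revoked-user list when the filter is
     * taken out of service.
     */
    public void destroy() {
        this.filterConfig = null;
        revokeList = null;
    }

    /**
     * Checks the submitted user name against the revoked-user list before the
     * request reaches the rest of the chain.
     *
     * <p>A revoked user gets {@code SC_UNAUTHORIZED} and the chain is not invoked.
     * Any other request, including one without a {@code j_username} parameter,
     * is passed on unchanged so that {@code j_security_check} performs the
     * actual authentication.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @param chain    the remaining filter chain
     * @throws java.io.IOException if sending the error or the chain fails on I/O
     * @throws ServletException    if the chain reports a servlet error
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws java.io.IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Pre-login action: look up the user name exactly as submitted.
        String username = req.getParameter("j_username");

        if (revokeList.contains(username)) {
            // Leave an audit trail for detection. The name equals a list entry,
            // which is a single trimmed line, so it cannot inject line breaks
            // into the log.
            FilterConfig config = filterConfig;
            if (config != null) {
                config.getServletContext().log(
                        "LoginFilter: rejected login for revoked user '" + username
                        + "' from " + req.getRemoteAddr());
            }
            res.sendError(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Not revoked: let j_security_check authenticate the user.
        chain.doFilter(request, response);
        // Post-login actions would go here.
    }

    /**
     * Reads the revoked-user file and adds every non-blank, trimmed line to
     * {@code revokeList}.
     *
     * <p>The file is decoded with the platform default charset, as before.
     *
     * @throws ServletException if the filter has no configuration, the
     *         {@code RevokedUsers} parameter is missing or blank, or the file
     *         cannot be opened or read to the end
     */
    private void readConfig() throws ServletException {
        if (filterConfig == null) {
            throw new ServletException("LoginFilter: no filter configuration available");
        }

        String filename = filterConfig.getInitParameter("RevokedUsers");
        if (filename == null || filename.trim().length() == 0) {
            throw new ServletException(
                    "LoginFilter: init parameter 'RevokedUsers' is not set");
        }

        BufferedReader in = null;
        try {
            in = new BufferedReader(new FileReader(filename));
            String line;
            while ((line = in.readLine()) != null) {
                // Stray whitespace or blank lines would otherwise create entries
                // that can never match a submitted user name.
                String entry = line.trim();
                if (entry.length() > 0) {
                    revokeList.add(entry);
                }
            }
        } catch (IOException ioe) {
            // Also covers FileNotFoundException. Continuing with a missing or
            // truncated list would silently re-admit revoked users.
            throw new ServletException(
                    "LoginFilter: cannot read revoked user list '" + filename + "'", ioe);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful to do if close fails; the data is already read.
                }
            }
        }
    }
}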
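<!-- web.xml fragment: registers LoginFilter and maps it to the form-login action. -->
<filter id="Filter_1">
  <filter-name>LoginFilter</filter-name>
  <filter-class>LoginFilter</filter-class>
  <description>Performs pre-login and post-login operation</description>
  <init-param>
    <param-name>RevokedUsers</param-name>
    <!-- <app-name> is a placeholder: replace it with the installed application's
         directory name. Only administrators should be able to write to this file,
         because whoever can edit it decides which users are blocked. Keep it out
         of any directory that is served to clients. The filter reads the file
         once at initialisation, so restart the application after editing it. -->
    <param-value>c:\WebSphere\AppServer\installedApps\&lt;app-name&gt;\revokedUsers.lst</param-value>
  </init-param>
</filter>
<!-- The filter only runs for requests that match this mapping. -->
<filter-mapping>
  <filter-name>LoginFilter</filter-name>
  <url-pattern>/j_security_check</url-pattern>
</filter-mapping>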
user1
cn=user1,o=ibm,c=us
user99
cn=user99,o=ibm,c=us