package com.securefileshare.filters;
import com.securefileshare.models.User;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
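/**
 * Servlet filter that gates every request behind a logged-in session.
 *
 * <p>A request passes without a session when its context-relative path is the application root,
 * an exact entry of {@link #PUBLIC_PATHS}, a sub-path of one of the auth servlets (which handle
 * their own authentication), or a static resource identified by a {@link #PUBLIC_EXTENSIONS}
 * suffix. Everything else requires a session holding a non-null {@code "user"} attribute;
 * otherwise the requested path is remembered under {@code "redirectAfterLogin"} and the client
 * is redirected to the login page.
 *
 * <p>The public/private decision is made on the container-resolved path
 * ({@code getServletPath() + getPathInfo()}), not on the raw request URI, so that path
 * parameters or unnormalized segments in the URI cannot make a protected resource look like a
 * public one to the suffix check.
 */
public class AuthenticationFilter implements Filter {

    /** Context-relative paths that never require a session (exact match). */
    private static final List<String> PUBLIC_PATHS = Arrays.asList(
            "/index.jsp",
            "/jsp/auth/login.jsp",
            "/jsp/auth/register.jsp",
            "/jsp/auth/otp-verification.jsp",
            "/auth",
            "/verify-otp",
            "/resend-otp"
    );

    /**
     * Auth servlets whose sub-paths ({@code "/auth/..."}) are public as well. Matching is by whole
     * segment: {@code "/auth"} and {@code "/auth/x"} pass, {@code "/authoring"} does not. If another
     * servlet shares one of these prefixes it has to be listed in {@link #PUBLIC_PATHS} explicitly.
     */
    private static final List<String> AUTH_SERVLET_PREFIXES = Arrays.asList(
            "/auth", "/verify-otp", "/resend-otp"
    );

    /** Static-resource suffixes served without a session. */
    private static final List<String> PUBLIC_EXTENSIONS = Arrays.asList(
            ".css", ".js", ".jpg", ".jpeg", ".png", ".gif", ".ico", ".svg"
    );

    /** Session attribute set by the login handler (outside this file); non-null means logged in. */
    private static final String USER_ATTRIBUTE = "user";

    /** Session attribute holding the context-relative path to return to after login. */
    private static final String REDIRECT_ATTRIBUTE = "redirectAfterLogin";

    /** Context-relative location of the login page. */
    private static final String LOGIN_PAGE = "/jsp/auth/login.jsp";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("✅ AuthenticationFilter initialized");
    }

    /**
     * Lets public requests through, otherwise requires a session with a {@code "user"} attribute.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response; must be an {@link HttpServletResponse}
     * @param chain    the rest of the filter chain
     * @throws IOException      if the redirect or downstream processing fails
     * @throws ServletException if downstream processing fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String path = resolvePath(httpRequest);
        System.out.println("🔍 Filter processing: " + path);

        if (isPublic(path)) {
            System.out.println("✅ Public path accessed: " + path);
            chain.doFilter(request, response);
            return;
        }

        HttpSession session = httpRequest.getSession(false);
        boolean isLoggedIn = session != null && session.getAttribute(USER_ATTRIBUTE) != null;
        if (!isLoggedIn) {
            System.out.println("❌ Not authenticated - redirecting to login from: " + path);
            // Remember where the user wanted to go so the login handler can send them back.
            // Only a path that starts with a single "/" is stored: the login handler is expected to
            // prepend the context path, and a value such as "//host/..." would otherwise turn that
            // redirect into a protocol-relative one (the handler lives outside this file — confirm).
            if (path.startsWith("/") && !path.startsWith("//")) {
                httpRequest.getSession().setAttribute(REDIRECT_ATTRIBUTE, path);
            }
            httpResponse.sendRedirect(httpRequest.getContextPath() + LOGIN_PAGE);
            return;
        }

        System.out.println("✅ Authenticated user accessing: " + path);
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        System.out.println("✅ AuthenticationFilter destroyed");
    }

    /**
     * Context-relative path used for the public/private decision.
     *
     * <p>Prefers {@code getServletPath() + getPathInfo()}, which the container decodes and (on
     * Tomcat-style containers) normalizes before servlet mapping, so prefix and suffix checks see
     * the same path the mapping used. Falls back to stripping the context path from the raw
     * request URI only if the container yields no servlet path.
     *
     * @param httpRequest the request being filtered
     * @return the path relative to the context root, starting with {@code "/"} or empty
     */
    private static String resolvePath(HttpServletRequest httpRequest) {
        String servletPath = httpRequest.getServletPath();
        if (servletPath != null) {
            String pathInfo = httpRequest.getPathInfo();
            return pathInfo == null ? servletPath : servletPath + pathInfo;
        }
        String requestURI = httpRequest.getRequestURI();
        String contextPath = httpRequest.getContextPath();
        // Guard the substring: a URI that does not start with the context path would otherwise
        // be truncated to an arbitrary suffix.
        return requestURI.startsWith(contextPath)
                ? requestURI.substring(contextPath.length())
                : requestURI;
    }

    /**
     * Decides whether {@code path} may be served without an authenticated session.
     *
     * @param path context-relative, container-resolved path
     * @return {@code true} for the root, listed public paths, auth-servlet sub-paths and static
     *         resources; {@code false} for everything else
     */
    private static boolean isPublic(String path) {
        if (path.isEmpty() || path.equals("/")) {
            return true;
        }
        if (PUBLIC_PATHS.contains(path)) {
            return true;
        }
        // Whole-segment prefix match: a bare startsWith("/auth") would also admit "/authoring".
        for (String prefix : AUTH_SERVLET_PREFIXES) {
            if (path.startsWith(prefix + "/")) {
                return true;
            }
        }
        // Suffix match on the resolved path. If static files live under one directory, a prefix
        // check on that directory would be tighter than a bare extension check — not known here.
        for (String ext : PUBLIC_EXTENSIONS) {
            if (path.endsWith(ext)) {
                return true;
            }
        }
        return false;
    }
}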