On 9/9/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> So. I am trying to write a Shale filter. This is how my chain.config.xml
> looks like:
>
> <catalog name="shale">
> <!-- Disallow direct access to JSP and JSFP resources -->
> <chain name="preprocess">
> <command className=
> "org.apache.shale.application.ContextRelativePathFilter"
> includes=
> "\S*\.faces,\S*\.html,\S*\.gif,\S*\.jpg,/index\.jsp"
> excludes="\S*\.jsp,\S*\.jspf"/>
>
> <command className=
> "com.intellicare.shaleNShark.application.PreprocessFilter"
> excludes="/index\.jsp,/logon.faces"/>
> </chain>
> </catalog>
>
> My PreprocessFilter extends ContextRelativePathFilter and has the foll.
> accept method:
> public void accept(ShaleWebContext context) throws Exception {
>
> ShaleWebContext webContext = (ShaleWebContext) context;
> String value = value(webContext);
> Map sessionScope = webContext.getSessionScope();
> String user = (String) sessionScope.get("user");
> String pw = (String) sessionScope.get("password");
> //..etc. (the idea of course being if un/pw are
> null/empty, the app gets seriously mad..)
> }
>
> From what I can understand of the code in AbstractRegExpFilter,
> implementing the "value" method will decide how the "includes" and
> "excludes" patterns are understood by Shale. Since I extended
> ContextRelativePathFilter, I would have thought that my /index.jsp as well
> as /logon.faces would *not* make it to the PreprocessFilter. But I have a
> breakpoint in the accept method and sadly *every* page seems to go through
> this accept method. (What's more, the value of the String "value" above
> comes out as "/index.jsp" and "/logon.faces" when I access my index page
> and logon pages.) Which of course is not ok since I shouldn't be checking
> for un/pw values in the logon page. Where am I going wrong?
>
> Thank you again for your continued help.. doubtless this must be big time
> boring for you..
> Geeta
>
>
First, you put your exclude patterns for /index.jsp and /logon.faces on the
*second* command rather than the first, so they weren't rejected by the
initial filter.
Second, not rejecting those patterns in the first filter is actually a good
thing :-). Otherwise, nobody would ever be able to log in to your app.
What you'll want to do is put some conditional logic that checks the path of
the current page inside your execute method that skips the test for those
pages.
Craig
