Wednesday, July 24, 2013
Today I will show you how you can use the power of filters to do session tracking. We will create a special type of filter here that will do session tracking. You people must have experienced that when you visit some websites(like facebook,twitter etc) you cannot access all the pages until you are logged in. Today we will implement this feature. We will write a session filter that checks for a certain attribute in the session object to see whether the user is already logged in or not. If the user is logged in then he can access those pages otherwise will be redirected to the home page. Here the filter will act as a phantom and intercept the request and according to that send the response.
   Here we will consider that as soon as the user logs in a attribute named "user" is set with object of some User class that contains all user details using methods getSession(false) and getAttribute(). So we will test whether taht attribute exists or not. If it exists then he will be able to access the requested page, otherwise will be redirected to login page using sendRedirect().
Java Source Code
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionFilter implements Filter {

public void destroy() {
System.out.println("SessionFilter destroyed");

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req=(HttpServletRequest)request;   //casting
HttpServletResponse res=(HttpServletResponse)response;
HttpSession session=req.getSession(false);  //getting session object
   Object usr=session.getAttribute("user");  //getting attribute
   if(usr==null){  //if its null then not logged in
   System.out.println("Invalid Session");
   res.sendRedirect("./login.jsp");  //redirecting to login page
       chain.doFilter(req, res);  //permitting to access if logged in
    res.sendRedirect("./login.jsp");  //redirecting if no session object

public void init(FilterConfig fConfig) throws ServletException {
System.out.println("SessionFilter initialized");

NOTE : If you are using servlet 3.0 then mention the url's for which you want to add this filter using WebFilter annotation. But if you are using Servlet2.5 then use the <filter-mapping> tag in web.xml to map this filter to url's. So depending on your web-app use the different way you want , so I am not mentioning it in my code.
Download Links


Post a Comment

Total Pageviews

Subscribe via Email


Popular Posts

About Me

My photo

I am a student of BTech Computer Science Engineering from RCCIIT,Kolkata. I am a crazy lover of Java and wants to settle as a Java developer. I have a seven years Java experience with an application developer experience for 2 years. Recently from March 2012 I am a registered S40 app developer for Nokia and has corrected an app of them. I am currently writing blogs to encourage and grow interest in all those who don't know or learning Java.