How to create a JSF filter / url template to protect javascripts

Question

How to create a JSF filter / url template to protect javascripts

I wrote a Java web filter to handle my JSF application security. I have a filter mapping as follows:

<filter-mapping> <filter-name>authFilter</filter-name> <url-pattern>/secure/*</url-pattern> <url-pattern>/login.jsf</url-pattern> <url-pattern>/*.js.jsf</url-pattern> <--- invalid pattern </filter-mapping>

and now I want to create a url template to filter all javascript files. I use Primefaces, so .js files are extracted at the following URLs:

 http://localhost:8080/MyProject/javax.faces.resource/MyJavascriptFile.js.jsf?ln=MyLibrary

I can not filter all javax.faces.resouces because it also contains CSS files. Is there a way to create a URL pattern to match only javascripts?

+4

javascript resources jsf servlet-filters url-mapping

Pedro peixoto Jun 12 '12 at 19:58

source share

2 answers

Balusc · Answer 1 · 2012-12-05T18:00:53+0000

 <url-pattern>/*.js.jsf</url-pattern> <--- invalid pattern

This is really an invalid URL pattern. The wildcard * can only be at the beginning or end of the URL pattern. In your particular case, you do not need the / prefix.

 <url-pattern>*.js.jsf</url-pattern> <--- valid pattern

Note that this issue has nothing for JSF. Servlet filters are part of the Servlet core API.

How to create a JSF filter / url template to protect javascripts

See also:

More articles: