Use SessionValidationFilter for executing logic before every page

The SessionValidationFilter allows you to execute business logic before action is requested and page is rendered. This method will get executed once for every page. You can use this method to redirect user to different page, generate some debugging information. Ex. lets say you have a requirement that every time a page gets rendered you will have to check if the page is empty(no portlets), if yes redirect user to different page.

I did create this SampleSessionValidationFilter that prints out the request and session information for the portal before every request.


package com.webspherenotes.auth;

import java.util.Enumeration;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.ibm.portal.auth.FilterChainContext;
import com.ibm.portal.auth.SessionValidationFilter;
import com.ibm.portal.auth.SessionValidationFilterChain;
import com.ibm.portal.auth.exceptions.SessionValidationException;
import com.ibm.portal.security.SecurityFilterConfig;
import com.ibm.portal.security.exceptions.SecurityFilterInitException;

public class SampleSessionValidationFilter implements SessionValidationFilter{

@Override
public void destroy() {

}

@Override
public void init(SecurityFilterConfig arg0)
throws SecurityFilterInitException {

}

@Override
public void validateSession(HttpServletRequest request,
HttpServletResponse response, FilterChainContext filterChainContext,
SessionValidationFilterChain filterChain)
throws SessionValidationException {
System.out.println("Inside SampleSessionValidationFilter.validateSession() User Name"
+ request.getRemoteUser());

System.out.println("Printing request attributes");
Enumeration attributeNameEnum = request.getAttributeNames();
while(attributeNameEnum.hasMoreElements()){
String attributeName = attributeNameEnum.nextElement();
System.out.println(attributeName +" " + request.getAttribute(attributeName));
}
System.out.println("Printing request parameters " + request.getParameterMap());

HttpSession session = request.getSession();
System.out.println("Printing request attributes");
Enumeration sessionAttributeNameEnum = session.getAttributeNames();
while(sessionAttributeNameEnum.hasMoreElements()){
String attributeName = sessionAttributeNameEnum.nextElement();
System.out.println(attributeName +" " + session.getAttribute(attributeName));
}

filterChain.validateSession(request, response, filterChainContext);

}
}


You will have to implement SessionValidationFilter interface and then you will get control inside validateSession method before the page gets rendered.

The class file for filter should go to the shared library of the server. Dont forget to register your validate sesion filter with by portal using WS_AuthenticationService

1 comment:

Shinku said...

Hi ,

How to redirect from SessionValidationFilter for some request