How do I control access of pages with Java? I have a filter already implemented, which makes the control whether the user is logged in or not.
However, I have a page that I need to verify the user's permission ... The page will only be accessed if the user is an administrator.
When the user accesses the treatment page and is not an ADMINISTRATOR user, the page should not be accessed.
I want to know how to do this in the filter part in Java. My code is this:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String context = request.getServletContext().getContextPath();
try{
HttpSession session = ((HttpServletRequest)request).getSession();
User user = null;
if(session != null){
user = (User) session.getAttribute("user");
}
if(user == null){
HttpServletResponse resp =((HttpServletResponse)response);
resp.sendRedirect(context + "/");
} else {
chain.doFilter(request, response);
JPAUtil.closeEntityManager();
}
}catch(Exception e){
e.printStackTrace();
}
}