Problem with URL mapping in servlet filter

I already have two filters, which typically checks for a valid session. If session is valid it'll redirect to the ExpenseDetailsManagement.html else ExpenseManagementLogin.html. The web.xml config looks like

<filter>
    <filter-name>ExpenseAuthentication</filter-name>
    <filter-class>com.pricar.hibernate.ExpenseAuthentication</filter-class>
</filter>
<filter>
    <filter-name>ExpenseAuthenticationFilter</filter-name>
    <filter-class>com.pricar.hibernate.ExpenseAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ExpenseAuthentication</filter-name>
    <url-pattern>*/ExpenseDetailsManagement.html</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>ExpenseAuthenticationFilter</filter-name>
    <url-pattern>*/ExpenseManagementLogin.html</url-pattern>
</filter-mapping>

Th开发者_如何学JAVAe above two were working fine.

The application path looks like http://localhost:8080/Hibernate/ExpenseManagementLogin.html

If I try with http://localhost:8080/Hibernate, then ExpenseManagementLogin.htmlis loading even if I have a valid session.

For that I tried some url-mapping-patterns like Hibernate/, /Hibernate/, /* then it ends with infinite looping or resource not found error.

My web-app just have two HTML pages, one for login and another for app-stuff.

Any suggestions?

Why do you use two filters?

Remove ExpenseAuthentificationFilter. In the simplest case, place the ExpenseManagementLogin.html file in the root of the war. Add a Servlet or a JSP as the login form target. Configure the page ExpenseDetailsManagement.html as the default page.

Then the following scenario is possible:

• The user calls http://localhost:8080/Hibernate
• Server redirects to the default page http://localhost:8080/Hibernate/ExpenseDetailsManagement.html
• When the browser requests this page, the the remaining servlet filter is called.
• Inside the filter redirect to http://localhost:8080/Hibernate/ExpenseManagementLogin.html, if no valid session is active.
• The user fills in the login form and submits the form. In the servlet or JSP page (the submit target handler) you check login and password and if it is valid you send a redirect to http://localhost:8080/Hibernate/ExpenseDetailsManagement.html.
• Now, when the browser requests this side the second time, the servlet filter sees the valid session and does nothing, so that the protected page can be delivered.

You can also use JAAS to handle login and authentification.