Redirect to login page does not work in Java Web Application

Question

I have the following code in my session tracking class but it does not redirect to the login page when the session is expired or the user is null. Can someone please help.

SessionTrackingFilter.java:

 package com.canaldigital.tsi.security;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.canaldigital.framework.logging.CDLogger;
import com.canaldigital.framework.logging.CDLoggerInterface;
import com.canaldigital.tsi.utils.WorklistUtils;

public class SessionTrackingFilter implements Filter {

    private FilterConfig filterConfig = null;

    private static final CDLoggerInterface logger = CDLogger
            .getLogger(SessionTrackingFilter.class);

    public SessionTrackingFilter() {

    }

    /*
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig filter) throws ServletException {
        this.filterConfig = filter;
    }

    /*
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
     * javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public synchronized void doFilter(ServletRequest request,
            ServletResponse response, FilterChain chain) throws IOException,
            ServletException {

        if (request instanceof HttpServletRequest) {

            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpRes = (HttpServletResponse) response;

            HttpSession session = httpRequest.getSession(true);

            String uri = httpRequest.getRequestURI();

            uri = uri.replaceFirst(httpRequest.getContextPath(), "");

            try {
                if (WorklistUtils.isDebugEnabled())
                    logger.debug("session user is "
                            + session.getAttribute("user"));
                String loggedUser = (String) session.getAttribute("user");
                if (WorklistUtils.isDebugEnabled())
                    logger.debug("uri is ::" + uri);
                if (loggedUser == null && !uri.endsWith("login.xhtml")) {       
                    httpRes.sendRedirect("/WorklistWeb/faces/general/logins/login.xhtml");                                      
                }else{
                    RequestDispatcher dispatcher = filterConfig.getServletContext()
                            .getRequestDispatcher(uri);
                    dispatcher.forward(request, response);
                }

            } catch (Exception exception) {
                exception.printStackTrace();
            }
        }
    }

    /*
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
        this.filterConfig = null;
    }
}

Web.xml

 <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>CsR Worklist Web Application</display-name>

    <context-param>
        <param-name>javax.faces.CONFIG_FILES</param-name>
        <param-value>/WEB-INF/faces-config.xml</param-value>
    </context-param>

    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>

    <context-param>
        <param-name>com.sun.faces.enableRestoreView11Compatibility</param-name>
        <param-value>true</param-value>
    </context-param>

    <context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>redmond</param-value>
    </context-param>

    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>

    <session-config>
        <session-timeout>120</session-timeout>
    </session-config>

    <filter>
        <description>For ensuring that user accesses the application after proper login.</description>
        <display-name>sessionTrackingFilter</display-name>
        <filter-name>sessionTrackingFilter</filter-name>
        <filter-class>com.canaldigital.tsi.security.SessionTrackingFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>sessionTrackingFilter</filter-name>
        <url-pattern>*.xhtml</url-pattern>
    </filter-mapping>


    <mime-mapping>
        <extension>xml</extension>
        <mime-type>application/xml</mime-type>
    </mime-mapping>

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <error-page>
        <exception-type>javax.faces.application.ViewExpiredException</exception-type>
        <location>/faces/general/logins/sessionExpired.xhtml</location>
    </error-page>

</web-app>

Answer 1

can you post the code where you are setting the user attribute in the session. Log this code as well

loggedUser == null && !uri.endsWith("login.xhtml")