Preface: I gather you’re using homegrown login instead of container managed login. For all ways, see How to handle authentication/authorization with users in a database? The filter (the interceptor) shouldn’t check the validity of the username/password combo. That’s the responsibility of the servlet (the controller). The filter should merely check if the user is logged-in … Read more
As an aside, an alternative way to solve this problem is to not use the filter chain and instead build your own interceptor component, perhaps using aspects, which can operate on the parsed request body. It will also likely be more efficient as you are only converting the request InputStream into your own model object … Read more
You need to implement the javax.servlet.Filter class, do the desired job in doFilter() method and map it on an URL pattern covering the restricted pages, /user/* maybe? Inside the doFilter() you should check the presence of the logged-in user in the session somehow. Further you also need to take JSF ajax and resource requests into … Read more
Implement javax.servlet.Filter. In doFilter() method, cast the incoming ServletRequest to HttpServletRequest. Use HttpServletRequest#getRequestURI() to grab the path. Use straightforward java.lang.String methods like substring(), split(), concat() and so on to extract the part of interest and compose the new path. Use either ServletRequest#getRequestDispatcher() and then RequestDispatcher#forward() to forward the request/response to the new URL (server-side redirect, … Read more