Fixed filter blocking resources

db_structure.sql

@@ -126,6 +126,7 @@ ALTER TABLE `User`
 
 --
 -- Data for table `User`
+-- User: admin, Password: password
 --
 INSERT INTO `User` (`name`, `email`, `emailVerified`, `passwordHash`, `passwordSalt`, `ipHost`, `dateCreated`, `dateLastLogin`, `cookieHash`, `superUser`, `enabled`) VALUES
 ('Admin Admin', 'admin', 1, '6e88be8bad7eae9d9e10aa061224034fed48d03fcbad968b56006784539d5214', 'salt', '', '1970-01-01 01:00:0', '1970-01-01 01:00:0', '', 1, 1);

src/zall/Zallery.java

@@ -32,6 +32,8 @@ public class Zallery extends HttpServlet{
     public static String SMTP_HOST = "";
     public static String DATA_PATH = "";
 
+    public static String WEBSITE_PATH = "/zallery";
+
     /**
      * Config Options:
      * <br>- WEBSITE_NAME

src/zall/ZalleryConstants.java

@@ -9,14 +9,14 @@ public interface ZalleryConstants {
 
     /** Session Constants **/
 
-    public static String ENV_KEY_WEBSITE_TITLE = "WEBSITE_TITLE";
+    public static final String ENV_KEY_WEBSITE_TITLE = "WEBSITE_TITLE";
-    public static String ENV_KEY_WEBSITE_NAME  = "WEBSITE_NAME";
+    public static final String ENV_KEY_WEBSITE_NAME  = "WEBSITE_NAME";
-    public static String ENV_KEY_WEBSITE_URL   = "WEBSITE_URL";
+    public static final String ENV_KEY_WEBSITE_URL   = "WEBSITE_URL";
-    public static String ENV_KEY_ADMIN_EMAIL   = "ADMIN_EMAIL";
+    public static final String ENV_KEY_ADMIN_EMAIL   = "ADMIN_EMAIL";
-    public static String ENV_KEY_ADMIN_NAME    = "ADMIN_NAME";
+    public static final String ENV_KEY_ADMIN_NAME    = "ADMIN_NAME";
-    public static String ENV_KEY_SMTP_HOST     = "SMTP_HOST";
+    public static final String ENV_KEY_SMTP_HOST     = "SMTP_HOST";
-    public static String ENV_KEY_ROOT_PATH     = "ROOT_PATH";
+    public static final String ENV_KEY_ROOT_PATH     = "ROOT_PATH";
-    public static String ENV_KEY_DATA_PATH     = "DATA_PATH";
+    public static final String ENV_KEY_DATA_PATH     = "DATA_PATH";
 
     /** Session Constants **/
 
@@ -33,5 +33,4 @@ public interface ZalleryConstants {
 
     String LANG_BASENAME = "zall.lang.zallery_lang";
     Locale LANG_DEFAULT  = Locale.ENGLISH;
-
 }

src/zall/ZalleryServlet.java

@@ -85,8 +85,7 @@ public abstract class ZalleryServlet extends HttpServlet {
                 url = "/" + url;
 
             String path = request.getRequestURI();
-            if (!path.endsWith("/"))
+            path = path.substring(0, path.indexOf("/", 1));
-                path = path.substring(0, path.lastIndexOf("/"));
 
             response.sendRedirect(path + url);
         }

src/zall/filter/AuthenticationFilter.java

@@ -1,5 +1,6 @@
 package zall.filter;
 
+import zall.Zallery;
 import zall.ZalleryServlet;
 import zall.bean.User;
 import zall.manager.AuthenticationManager;
@@ -23,6 +24,10 @@ public class AuthenticationFilter implements Filter {
     private static final Logger logger = LogUtil.getLogger();
 
     private static final String[] WHITELIST = new String[]{
+            "/css",
+            "/fonts",
+            "/img",
+            "/js",
             LoginServlet.URI,
             RegisterServlet.URI
     };
@@ -32,33 +37,33 @@ public class AuthenticationFilter implements Filter {
 
     @Override
     public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
-        String requestURI = ((HttpServletRequest) request).getRequestURI();
+        HttpServletRequest httpRequest = (HttpServletRequest) request;
-        User user = AuthenticationManager.getUserSession(((HttpServletRequest) request).getSession());
+        User user = AuthenticationManager.getUserSession(httpRequest.getSession());
 
         // continue the request via the filter pipeline if it is login page or it is a isValid User
-        if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
+        if (AuthenticationManager.isValid(user, httpRequest)) {
             logger.finest("User already authenticated, continuing filter chain.");
             chain.doFilter(request, response);
         } else {
-            AuthenticationManager.rmUserSession(((HttpServletRequest) request).getSession());
+            AuthenticationManager.rmUserSession(httpRequest.getSession());
 
-            if (isWhitelisted(requestURI)){
+            if (isWhitelisted(httpRequest)){
-                logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
+                logger.finer("Continuing filtering chain for whitelisted page: " + httpRequest);
                 chain.doFilter(request, response);
             } else {
                 // do not continue the filter pipeline forward to login page
                 logger.fine("User not authenticated, redirecting to login page.");
-                ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
+                ZalleryServlet.redirect(LoginServlet.URI, httpRequest, (HttpServletResponse) response);
             }
         }
     }
 
-    private boolean isWhitelisted(String requestURI) {
+    private boolean isWhitelisted(HttpServletRequest request) {
-        if (ObjectUtil.isEmpty(requestURI))
+        if (ObjectUtil.isEmpty(request))
             return false;
 
         for (String whitelistURI : WHITELIST) {
-            if (requestURI.endsWith(whitelistURI))
+            if (request.getRequestURI().startsWith(Zallery.WEBSITE_PATH + whitelistURI))
                 return true;
         }
         return false;