[英]Java servlet redirecting using filters
I have the following question: 我有以下问题:
I have a index.html
page with a login form: 我有一个带登录表单的
index.html
页面:
<html>
<head>
<title>TODO supply a title</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="css/css.css" type="text/css" rel="stylesheet"/>
</head>
<body>
<nav>
<form action="">
<label for="username">User: </label><input name ="username" type="text">
<label for="password">Password: </label><input name ="password" type="password">
<input type="submit" value="Vai">
</form>
</nav>
<section id ="page">
</section>
</body>
</html>
I have created a filter called f2
that should check if the username is "admin" and if so redirect the user to the page payroll/private/stipendi.html
or if not to the page payroll/public/dipendenti.html
. 我创建了一个名为
f2
的过滤器,该过滤器应检查用户名是否为“ admin”,如果是,则将用户重定向至payroll/private/stipendi.html
页面,否则将用户重定向至payroll/public/dipendenti.html
。
This is the hierarchy of my project (made with netbeans 8.02): 这是我的项目的层次结构(使用netbeans 8.02构建):
Here is my web.xml
file: 这是我的
web.xml
文件:
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<filter>
<filter-name>f2</filter-name>
<filter-class>f2</filter-class>
</filter>
<filter-mapping>
<filter-name>f2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>
And here's the f2
filter: 这是
f2
过滤器:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
if (debug) {
log("f2:doFilter()");
}
doBeforeProcessing(request, response);
HttpServletRequest req = (HttpServletRequest) request;
if(req.getSession().getAttribute("username") == null)
System.out.println("Attributo username = NULL");
if(!req.getParameter("username").equals("admin")){
System.out.println("Username is not ADMIN");
req.getRequestDispatcher("/payroll/public/dipendenti.html").forward(request, response);
}
else{
System.out.println("Username is ADMIN");
req.getRequestDispatcher("/payroll/private/stipendi.html").forward(request, response);
}
Throwable problem = null;
try {
chain.doFilter(request, response); return;
} catch (Throwable t) {
// If an exception is thrown somewhere down the filter chain,
// we still want to execute our after processing, and then
// rethrow the problem after that.
problem = t;
t.printStackTrace();
}
doAfterProcessing(request, response);
// If there was a problem, we want to rethrow it if it is
// a known type, otherwise log it.
if (problem != null) {
if (problem instanceof ServletException) {
throw (ServletException) problem;
}
if (problem instanceof IOException) {
throw (IOException) problem;
}
sendProcessingError(problem, response);
}
}
I have relized some things: 我已经考虑了一些事情:
I have an infinite loop because my filter f2
has the url-pattern = /*
so it catches every request, elaborate it, sends it and the recatch the same request just sent. 我有一个无限循环,因为我的过滤器
f2
具有url-pattern = /*
因此它可以捕获每个请求,对其进行详细说明,将其发送并重新捕获刚发送的相同请求。 Over and over again. 一遍又一遍地。
This mens I have to change my url-pattern
to something else. 这个男人,我必须将我的
url-pattern
更改为其他内容。 But what? 但是呢 What if I create a servlet called... let's say
myRedirectServlet.java
, the in index.html
: action = "myRedirectServlet"
or just action = "/payroll/"
without creating any servlet? 如果我创建一个名为...的小服务程序,比如说
myRedirectServlet.java
, index.html
: action = "myRedirectServlet"
或只是action = "/payroll/"
而没有创建任何servlet呢? I do apologize but I'm pretty confused. 我很抱歉,但是我很困惑。
Please help me 请帮我
What you are doing is not in the interest of security. 您正在执行的操作不符合安全性。 You should utilize the concept of principals - but let's save this for another day.
您应该利用委托人的概念-但是让我们再保留一天。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.