该页面在Servlet /过滤器中无法正确重定向

Question

I am new to Servlet and Filter. I am trying to block all users that is not logged-in in my application.

Web.xml file

<filter>
        <filter-name>UserFilter</filter-name>
        <filter-class>user.UserFilter</filter-class>

    <init-param>
        <param-name>avoid-urls</param-name>
        <param-value>index.jsp, SelectDb.jsp, login.jsp</param-value>
    </init-param>

    </filter>
    <filter-mapping>
    <filter-name>UserFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

The Filter Class

package user;

import java.io.IOException;
import java.util.ArrayList;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


public class UserFilter implements Filter {

    private ArrayList<String> urlList;

    public UserFilter() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String url = request.getServletPath();
        String contextPath = request.getContextPath();
        boolean allowedRequest = false;

        for (String urlList1 : urlList) {
            if (url.contains(urlList1)) {
                allowedRequest = true;
                break;
            }
        }
        if (!allowedRequest) {
            HttpSession session = request.getSession();
            if (null == session) {
                response.sendRedirect("");
            } else {
                String logged = (String) session.getAttribute("username");
                if (logged == null) {
                    response.sendRedirect(request.getContextPath() + "/dashboard/SelectDb.jsp");
                } else {
                    chain.doFilter(request, response);
                }
            }
        } else {
            chain.doFilter(request, response);
        }

    }

    @Override
    public void destroy() {
    }

    @Override
    public void init(FilterConfig config) {
        String urls = config.getInitParameter("avoid-urls");
        StringTokenizer token = new StringTokenizer(urls, ",");
        urlList = new ArrayList<>();
        while (token.hasMoreTokens()) {
            urlList.add(token.nextToken());
        }
    }

}

I can see that the page is redirecting properly to the page I want to redirect. The Url is changing. But the Firefox says that the page is not redirecting properly. The Message is somewhat like this: Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies . I do not think that this error is from the browser itself. Because I've tried other browser also. Why this error ? How can Solve this error ?

Answer 1

Try replacing

HttpSession session = request.getSession();

to

HttpSession session = request.getSession(false);

request.getSession() will create a new session if there is no session yet, so it will never return null, thus the user is redirected to the selectDb url where he has !allowedRequest and its enters and infinite redirection