[英]How to return HTTP error code from servlet filter?
I have pages in my web application which are accessible only by the administrator.我的 Web 应用程序中有只有管理员才能访问的页面。 I wrote filter, but I don't understand how to return HTTP error code(403) from the filter if user isn't the admin.
我写了过滤器,但我不明白如果用户不是管理员,如何从过滤器返回 HTTP 错误代码(403)。
public class AdminFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
String username = servletRequest.getParameter("username");
String password = servletRequest.getParameter("password");
UserDao userDaoImpl = new UserDaoImpl();
if(userDaoImpl.findByUsername(username).getPassword().equals(password)) {
filterChain.doFilter(servletRequest, servletResponse);
} else {
//respond with 403
}
}
}
I understand that I can redirect to my custom 403 page but I'm wondering how to return HTTP error code.我知道我可以重定向到我的自定义 403 页面,但我想知道如何返回 HTTP 错误代码。
You need to cast servletResponse
to HttpServletResponse
first:您需要
servletResponse
为HttpServletResponse
:
HttpServletResponse response = (HttpServletResponse) servletResponse;
Then use its sendError()
method:然后使用它的
sendError()
方法:
response.sendError(HttpServletResponse.SC_FORBIDDEN);
SC_FORBIDDEN
stands for code 403. SC_FORBIDDEN
代表代码 403。
By the way, you don't redirect to 403 page, you just respond with that status.顺便说一下,你不会重定向到 403 页面,你只是用那个状态来响应。 If you do that, the servlet container will serve a special 403 page to the user.
如果这样做,servlet 容器将为用户提供一个特殊的 403 页面。 You can configure that page in your
web.xml
:您可以在
web.xml
配置该页面:
<error-page>
<error-code>403</error-code>
<location>/error-403.htm</location>
</error-page>
This instructs the container to serve your custom page /error-403.htm
when you set 403 status.这会指示容器在您设置 403 状态时为您的自定义页面
/error-403.htm
提供服务。
If you want a redirect, you could use response.sendRedirect()
(it issues a 302 redirect).如果您想要重定向,可以使用
response.sendRedirect()
(它发出 302 重定向)。
I have solved in this way:我是这样解决的:
((HttpServletResponse) response).setStatus(HttpServletResponse.SC_BAD_REQUEST);
(HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "HMAC Failed - X-Authenticated-Id not available");
return;
Resolved it by setting 401 as error code in the backend and catching the error in angular interceptor as below.通过在后端将401设置为错误代码并在角度拦截器中捕获错误来解决它,如下所示。
Backend Java code:后端Java代码:
(HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED); (HttpServletResponse) 响应).sendError(HttpServletResponse.SC_UNAUTHORIZED);
Angular code:角度代码:
intercept(req: HttpRequest, next: HttpHandler): Observable> {拦截(req: HttpRequest, next: HttpHandler): Observable> {
return next.handle(req)
.catch(error => {
if (error instanceof HttpErrorResponse && error.status == 401) {
this.router.navigateByUrl('/sessionExpired', { replaceUrl: true });
return new EmptyObservable();
}
return _throw(error);
});
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.