Prevent back to login page after user is logged in jsp servlet

I am using JSP and servlets to make a web application. I want to prevent the user from being shown the login page if he is already logged in. I made a filter that checks that, but it still shows the login page even when the user has a valid session. Here is the code in the filter:

    HttpSession session = httpreq.getSession(false);

    if (session == null) {
        System.out.println("not logged, redirect ");
        httpres.sendRedirect("../Login.jsp");
    } else {
        System.out.println("could be logged");
        String logged = (String) session.getAttribute("Login");
        if (logged != null) {
            System.out.println(" logged  " + logged);
            if (!logged.equals("ok")) { // user is not logged in
                System.out.println("not logged, redirect ");
                httpres.sendRedirect("../Login.jsp");
                return;
            } else { // if the user has a session, redirect him to the page he opened
                System.out.println("redirect to the  same page");
                chain.doFilter(request, response);
                System.out.println("redirect to the  same page");
                httpres.setCharacterEncoding("UTF-8");
                httpres.sendRedirect(httpreq.getRequestURI());
            }
        } else {
            System.out.println("not logged, redirect login ");
            httpres.sendRedirect("../Login.jsp");
            return;
        }
    }

I make the session only on folders that are located outside the WEB-INF folder.

Edit: Here's the code to check the validity of the user and add attributes to the session:

        isVaild = StudentManagement.isValidUser(connection, studentUserName, password);
        // I have more than one role in the system..
    }
    if (isVaild) {
        System.out.println("create session");
        HttpSession session = request.getSession();
        session.setAttribute("Login", "ok");
        session.setAttribute("userName", userName);
        session.setAttribute("role", role);
        if (role == UserRole.STUDENT) { // student role
            url = "/ParentManagementServlet?pageName=StudentActivationPage";
            forward(request, response, url);
        } else if (role == UserRole.ADMIN) { // admin role
            url = "/Admin/MainPage.jsp";
            forward(request, response, url);
        }

Edit 2: Here's the URL mapping in the web.xml file:

<filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/Admin/*</url-pattern>
</filter-mapping>

since Admin is the folder that is located outside the WEB-INF folder.

Everything seems fine, apart from the filter mapping. Try:

<filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/protected directory/*</url-pattern>
</filter-mapping>

I'm assuming you want to protect everything in the directory, and the above URL pattern will check the whole directory. You can fine-tune the pattern as per your need.
But the point is: the pattern mentioned in the question ( <url-pattern>/Admin/*</url-pattern> ) does not intercept Login.jsp, and that's why it cannot perform the session check and renders Login.jsp even for valid sessions.
You can perform a check in the existing filter for whether the request is for Login.jsp and then make a decision (I don't know whether this is a good way to go); otherwise, keep Login.jsp out of the protected directory and write another filter which matches only Login.jsp.
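
The second option from the answer above (a separate filter that matches only Login.jsp), as an added example that is not part of the original question or answer. It assumes the `javax.servlet` API (Servlet 3.0 or later) and the `Login` and `role` session attributes set by the question's login code; the class name `LoginPageFilter` is hypothetical, the landing URLs are the ones from the question, and comparing `role` by its name is an assumption about the asker's `UserRole` type.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example (hypothetical class). Mapped only to the login page;
// the existing AuthenticationFilter keeps guarding /Admin/*.
@WebFilter("/Login.jsp")
public class LoginPageFilter implements Filter {

    @Override
    public void init(FilterConfig config) {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getSession(false): do not create a session just for viewing the login page
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && "ok".equals(session.getAttribute("Login"));

        if (loggedIn) {
            // Server-chosen targets only; never redirect to a URL taken from the request.
            // Assumption: the stored role prints as "STUDENT" or "ADMIN".
            String role = String.valueOf(session.getAttribute("role"));
            String target = "STUDENT".equals(role)
                    ? "/ParentManagementServlet?pageName=StudentActivationPage"
                    : "/Admin/MainPage.jsp";
            res.sendRedirect(req.getContextPath() + target);
            return; // stop here so Login.jsp is never rendered
        }

        // Not logged in: serve the form, but forbid caching so the Back button
        // re-requests the page (and hits this filter) instead of showing a stale copy.
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        res.setHeader("Pragma", "no-cache");
        res.setDateHeader("Expires", 0);
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {}
}
```

On containers without annotation scanning, the same mapping can be declared in web.xml with a `<filter-mapping>` whose `<url-pattern>` is `/Login.jsp`.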
