Java Filter to redirect users who are not logged in to login page
I was trying to make a filter to stop users who are not logged in from accessing certain pages. For this I made a filter class with the following doFilter method:
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String url = request.getRequestURI();
        boolean allowedRequest = false;
        System.out.println(url);
        // urlList holds the pages that do not require a login (filled in init())
        if (urlList.contains(url)) {
            allowedRequest = true;
            System.out.println("in list");
        }
        if (!allowedRequest) {
            Object o = request.getSession().getAttribute("UserInfo");
            if (null == o) {
                System.out.println("Hey i am in");
                response.sendRedirect("/login.jsp");
            }
        }
        chain.doFilter(req, res);
    } // end of doFilter
To allow the pages which do not need the user to be logged in, I created an arraylist url-list in init().
Now a very strange stupid thing is happening. Suppose I have two pages, home.jsp and dcr.jsp. When I try to access home.jsp without logging in I am successfully redirected to login.jsp, but when I am trying to access dcr.jsp it is not redirected, although it enters the loop if(null == o), which I can understand because I am getting that line printed in the console. This is the output that I get in the server:
/dcrmaintenance.jsp
Hey i am in
Which tells me that the null == o was true.
The page dcr.jsp accesses a session object and since the user is not logged in it is getting java.lang.NullPointerException as expected, but I cannot understand why the redirection is not taking place even after entering the loop. If someone can point out where I am making a mistake it would be appreciated.
After response.sendRedirect("/login.jsp"); do return;
I believe that you should either invoke sendRedirect OR doFilter. E.g.
    if (requiresLogin)
        response.sendRedirect("/login.jsp");
    else
        chain.doFilter(req, res);
chain.doFilter(req, res);
What other filters are running in your application? You send the redirect, but continue with the filter chain. I guess another filter is modifying the response again. If you stay with your filter, just return after the redirect.
Instead of the filter, in a Java WebApp you can define your Security Constraints in the web.xml. Have a look at Security Constraints.
Short example:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Restricted Area</web-resource-name>
            <!-- "/*" is the path mapping that covers every URL in the application -->
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Authorized</role-name>
        </auth-constraint>
    </security-constraint>
I think you have to change your web.xml... You have to put your restricted resources in an appropriate folder. In this way the Filter Servlet will restrict files which are located in the "restricted" folder. ( http://www.developer.com/security/article.php/3467801/Securing-J2EE-Applications-with-a-Servlet-Filter.htm ) (And I think the reason for using a Filter Servlet is writing your own authorization system - in this way you do not have to define your Security Constraints in the web.xml, you have to define them in the database ;) )
    <!--Servlet Filter that handles site authorization.-->
    <filter>
        <filter-name>AuthorizationFilter</filter-name>
        <filter-class>examples.AuthorizationFilter</filter-class>
        <description>This Filter authorizes user access to application
        components based upon request URI.</description>
        <init-param>
            <param-name>error_page</param-name>
            <param-value>../../login.html</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>AuthorizationFilter</filter-name>
        <url-pattern>/restricted/*</url-pattern>
    </filter-mapping>
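The fix the answers describe (redirect or continue the chain, never both), written out as a full filter. This is an added example, not code from the original posts: the class name LoginFilter and the PUBLIC_PATHS allow-list are assumptions, it uses the javax.servlet API, and it additionally strips the context path and avoids creating sessions for anonymous requests.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: LoginFilter and PUBLIC_PATHS are hypothetical names.
public class LoginFilter implements Filter {

    // Exact paths reachable without a login, relative to the context root.
    // Anything that does not match exactly is treated as protected (fail closed).
    private static final Set<String> PUBLIC_PATHS = Set.of("/login.jsp");

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Drop the context prefix so the allow-list still matches when the
        // application is not deployed at "/".
        String path = request.getRequestURI().substring(request.getContextPath().length());

        // getSession(false) does not create a session for anonymous requests.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("UserInfo") != null;

        if (!loggedIn && !PUBLIC_PATHS.contains(path)) {
            // sendRedirect only sets the status and Location header; it does
            // not end this method, so the return below is what stops the chain.
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return; // without this, the protected JSP would still execute
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

With the return in place, an unauthenticated request for a protected JSP never reaches the page, so its session-dependent code does not run and cannot throw the NullPointerException seen in the question.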