
How to return HTTP error code from servlet filter?

I have pages in my web application which are accessible only by the administrator. I wrote a filter, but I don't understand how to return an HTTP error code (403) from the filter if the user isn't the admin.

public class AdminFilter implements Filter {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String username = servletRequest.getParameter("username");
        String password = servletRequest.getParameter("password");

        UserDao userDaoImpl = new UserDaoImpl();
        if(userDaoImpl.findByUsername(username).getPassword().equals(password)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            //respond with 403
        }
    }
}

I understand that I can redirect to my custom 403 page, but I'm wondering how to return an HTTP error code.

You need to cast servletResponse to HttpServletResponse first:

HttpServletResponse response = (HttpServletResponse) servletResponse;

Then use its sendError() method:

response.sendError(HttpServletResponse.SC_FORBIDDEN);

SC_FORBIDDEN stands for code 403.

By the way, you don't redirect to a 403 page, you just respond with that status. If you do that, the servlet container will serve a special 403 page to the user. You can configure that page in your web.xml:

<error-page>
    <error-code>403</error-code>
    <location>/error-403.htm</location>
</error-page>

This instructs the container to serve your custom page /error-403.htm when you set 403 status.

If you want a redirect, you could use response.sendRedirect() (it issues a 302 redirect).
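
A complete version of the question's filter using the cast and sendError() call from the answer above, added here as an example and not part of the original posts. It assumes the javax.servlet API, that the question's UserDao returns a type named User (hypothetical name) exposing getPassword(), and that findByUsername() returns null for an unknown username; the MessageDigest.isEqual comparison is an addition.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

public class AdminFilter implements Filter {
    // UserDao/UserDaoImpl are the question's classes; User is an assumed return type.
    private final UserDao userDao = new UserDaoImpl();

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        if (credentialsMatch(servletRequest.getParameter("username"),
                             servletRequest.getParameter("password"))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // sendError() sets the status; the container then serves the 403 <error-page>.
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        // Nothing follows: the chain is never invoked for a denied request.
    }

    // Fail closed: a missing parameter or unknown user yields false (403),
    // not a NullPointerException that would surface as a 500.
    boolean credentialsMatch(String username, String password) {
        if (username == null || password == null) {
            return false;
        }
        User user = userDao.findByUsername(username); // assumed to return null if absent
        if (user == null || user.getPassword() == null) {
            return false;
        }
        // Added: comparison whose timing does not depend on where the values differ.
        return MessageDigest.isEqual(
                user.getPassword().getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public void destroy() { }
}
```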

I have solved it this way:

((HttpServletResponse) response).setStatus(HttpServletResponse.SC_BAD_REQUEST);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "HMAC Failed - X-Authenticated-Id not available");
return;

Resolved it by setting 401 as the error code in the backend and catching the error in an Angular interceptor as below.

Backend Java code:

((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);

Angular code:

intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {

    return next.handle(req)
        .catch(error => {

            if (error instanceof HttpErrorResponse && error.status == 401) {
                this.router.navigateByUrl('/sessionExpired', { replaceUrl: true });

                return new EmptyObservable();
            }
            return _throw(error);
        });
}
