[英]Servlet Filters are not working properly
我在Netbeans 7.4中创建了一个Java Web应用程序MySQL作为数据库。 我已经使用过滤器来控制未经授权的访问,但是它无法正常工作。 我有index.jsp(作为登录页面),home.jsp和Add_Details.jsp文件。 我希望当会话为null或用户尝试访问其他页面(index.jsp除外)时,他们将重定向到index.jsp。 但它不起作用。 这是我的代码:
AuthenticationFilter.java
package Filters;
//all mandatory files are imported.
public class AuthenticationFilter implements Filter {
private ServletContext context;
@Override
public void init(FilterConfig fConfig) throws ServletException {
this.context = fConfig.getServletContext();
this.context.log("AuthenticationFilter initialized");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String uri = req.getRequestURI();
this.context.log("Requested Resource::" + uri);
HttpSession session = req.getSession(false);
if (session == null && !(uri.endsWith("index.jsp") || !uri.endsWith("Bucket/") || !uri.endsWith("LoginServlet")))
{
this.context.log("Unauthorized access request");
res.sendRedirect("index.jsp");
} else {
// pass the request along the filter chain
chain.doFilter(request, response);
}
}
@Override
public void destroy() {
// close any resources here
}
}
LogingRequestFilter.java
public class LoggingRequestFilter implements Filter {
private ServletContext context;
@Override
public void init(FilterConfig fConfig) throws ServletException {
this.context = fConfig.getServletContext();
this.context.log("RequestLoggingFilter initialized");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
Enumeration<String> params = req.getParameterNames();
while (params.hasMoreElements()) {
String name = params.nextElement();
String value = request.getParameter(name);
this.context.log(req.getRemoteAddr() + "::Request Params::{" + name
+ "=" + value + "}");
}
Cookie[] cookies = req.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
this.context.log(req.getRemoteAddr() + "::Cookie::{"
+ cookie.getName() + "," + cookie.getValue() + "}");
}
}
// pass the request along the filter chain
chain.doFilter(request, response);
}
@Override
public void destroy() {
// we can close resources here
}
}
在web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>LoggingRequestFilter</filter-name>
<filter-class>com.org.king.Filters.LoggingRequestFilter</filter-class>
</filter>
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>com.org.king.Filters.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoggingRequestFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>
我建议您在Servlet过滤器中设置一个断点,并逐步遍历代码,以了解执行流程为何未进入“ if”块内:
if (session == null && !(uri.endsWith("index.jsp") || !uri.endsWith("Bucket/") || !uri.endsWith("LoginServlet")))
{
另外,如果您是从头开始实施此操作,则可能需要遵循“ DTSTTCPW”和“ YAGNI”之类的原则。 * DTSTTCPW =做可能可行的最简单的事情** YAGNI =您不需要它
几天前,我遇到了类似的问题。
以这种方式检查会话是否为空还不够。 您可能有一个绑定到该会话的对象。 例如,我有用户。 在登录页面中,我将用户对象绑定到会话。
检查该对象是否为空。 不要使用会话。
因为浏览器可能创建了会话,或者会话可能是新会话,但是您尚未向其添加任何登录信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.