您好,我正在开发一个 Web 应用程序,在调用 web.xml 中提到的 servelet 时遇到问题。
这是我的 web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<servlet>
<servlet-name>FileServlet</servlet-name>
<servlet-class>com.tpg.fileserver.FileServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>FileServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>AuthorizationFilter</filter-name>
<filter-class>com.tpg.fileserver.AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthorizationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
问题是,当我尝试运行我的应用程序时,我希望首先运行授权过滤器,然后再运行文件 Servelet。现在发生的事情与我想要的相反。我还尝试将 0 用于 File Servelet,但这没有帮助。下面提到的是我的过滤器类代码。
public class AuthorizationFilter implements Filter {
private static final String kNotAuthorizedUrl = "/NotAuthorized.html";
private static final String kTrustedHostsFileName = "trusted_hosts.txt";
private static final String kPublicFilesFileName = "public_files.txt";
private static final String TRUSTED_HOSTS = "TRUSTED_HOSTS";
private static final String PUBLIC_FILES = "PUBLIC_FILES";
private static Properties itsProperties = null;
public static final String kPropertySingleSignOnURL = "sso-url";
private static final String kPropertiesFileName = "metadata.properties";
private static boolean itsInitialized = false;
private static synchronized void initialize() {
if (!itsInitialized) {
try {
ProductMetadataAPI.setProduct(Version.kProductName, Version.kPhysical);
System.out.println("Inside Initialize");
PersistenceAPI.isDebugging = true;
JNDIConnectionFactory connFactory = new JNDIConnectionFactory("DataSource"); // IDB
SingleSignOnAuthenticator.setAuthenticationUrl(ConfigurationUtils.getProperties().getProperty(kPropertySingleSignOnURL));
SecurityAPI.setSecurity(
SecurityAPI.makeSecurity(
new StandardFactory(),
new PersistenceRepository(connFactory),
new CommonsBase64Codec(),
new SingleSignOnAuthenticator()));
itsInitialized = true;
} catch (Throwable e) {
LoggerClass.logErr(e);
}
}
}
private void requestAuthentication(HttpServletResponse response) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.addHeader("WWW-Authenticate", "BASIC Realm=\"Single Sign-on\"");
LoggerClass.logInfoMsg("SSO not set. redirecting to siteminder......");
}
public void doFilter(ServletRequest inRequest, ServletResponse inResponse, FilterChain chain) throws IOException, ServletException {
try {
HttpServletRequest request = (HttpServletRequest) inRequest;
HttpServletResponse response = (HttpServletResponse) inResponse;
System.out.println("Before Setting Serervlet Context");
ConfigurationUtils.setCurrentServletContext(request.getSession().getServletContext());
System.out.println("After Setting Serervlet Context");
initialize();
if (request instanceof HttpServletRequest && (request.getMethod().equals("GET") || request.getMethod().equals("POST"))) {
String remoteHost = "", authorization = "", userName = "", password = "";
HttpServletRequest r = (HttpServletRequest)request;
Enumeration<String> e = r.getHeaderNames();
while (e.hasMoreElements()) {
String headerName = e.nextElement();
LoggerClass.logInfoMsg(headerName + "=" + r.getHeader(headerName));
}
LoggerClass.logDebugMsg("Proxy-Client-IP is :" + r.getHeader("Proxy-Client-IP"));
LoggerClass.logDebugMsg("Remote-Address-IP is :" + r.getRemoteAddr());
remoteHost = r.getHeader("Proxy-Client-IP");
if (remoteHost == null) {
remoteHost = r.getRemoteAddr();
LoggerClass.logDebugMsg("Remote-Address-IP ["+remoteHost + "] is requesting " + r.getRequestURI());
}else{
LoggerClass.logDebugMsg("Proxy-Client-IP ["+remoteHost + "] is requesting " + r.getRequestURI());
}
authorization = r.getHeader("Authorization");
if (authorization != null) {
final int index = authorization.indexOf(' ');
if (index > 0) {
final String[] credentials = StringUtils.split(new String(Base64.decodeBase64(authorization.substring(index))), ':');
if (credentials.length == 2) {
userName = credentials[0].toUpperCase();
password = credentials[1];
}
}
}
if (isSiteminderAuthenticationPresent(r)) {
LoggerClass.logInfoMsg("Inside Siteminder Logic ......");
chain.doFilter(request, response);
return;
} else if (isPublic(request) || isTrusted(remoteHost)) {
LoggerClass.logInfoMsg("Inside Public/Trusted Host Logic ......");
chain.doFilter(request, response);
return;
} else if (!isBasicAuthenticationPresent(userName, password)) {
LoggerClass.logInfoMsg("Failed in Basic Authentication Present.....");
requestAuthentication(response);
} else if (!isBasicAuthenticationValid(r.getSession(), userName, password)) {
LoggerClass.logInfoMsg("Failed in Basic Authentication Validation.....");
requestAuthentication(response);
} else {
chain.doFilter(request, response);
}
}
response.sendRedirect(request.getContextPath() + kNotAuthorizedUrl);
} catch (Exception e) {
LoggerClass.logErr(e);
throw new RuntimeException(e);
}
}
}
下面提到的是我的 Servlet 部分代码:
public class FileServlet extends HttpServlet
{
public FileServlet()
{
System.out.println("In fileServlet");
this.itsRootDir = Common.getRequiredProperty(Common.kPropertyRootDir);
// some business logic
}
@Override public void doGet(HttpServletRequest inRequest, HttpServletResponse inResponse)
throws ServletException, IOException
{
String theRelFileName = Common.extractFileName(inRequest, false);
String theFileName = this.itsRootDir + theRelFileName;
File theFile = new File(theFileName);
//Some more Business Logic
}
}
下面是我在应用程序日志中得到的 Sysout 日志。在这里,我注意到一件奇怪的事情。首先调用到 File Servlet,然后是授权过滤器,然后再次到 File Servlet。
[8/8/14 0:54:05:109 EDT] 0000002b SystemOut O In fileServlet
[8/8/14 0:54:05:161 EDT] 0000002b SystemOut O In Authoriazation Filter
[8/8/14 0:54:05:232 EDT] 0000002b SystemOut O In fileServlet
最佳答案
过滤器总是在webapp的启动期间按照它们在web.xml中定义的顺序初始化。
servlet 默认情况下仅在其 url-pattern 上的第一个 HTTP 请求期间初始化。
所以在这种情况下,首先 webapp 的 web.xml 将被解析,并且在 web.xml 中找到的每个 Filter 将被创建一次并且保存在服务器的内存中
现在,当请求来自像 /* 这样的 url 模式时,容器会查找该模式并找到 servlet 的映射,从而初始化 servlet .然后调用 filter 来处理请求。
要解决这个问题,您可以更改 servlet 的 url 模式。当用户输入一些 url 模式,如 /* 时,重定向到过滤器类,如果他成功验证,则重定向到用其他一些指定的 servlet url pattern 或者重定向到 error page
关于java - 如何顺序调用Servlet和Filter,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25195907/