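My filter is going into an infinite loop. The url-pattern is not a catch-all. I can't seem to figure out why this is happening. Here is the mapping for my filter: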
    <filter>
        <filter-name>AdminAuthentication</filter-name>
        <filter-class>my.filters.AdminAuthFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>AdminAuthentication</filter-name>
        <url-pattern>/admin/addLocation</url-pattern>
        <url-pattern>/admin/deleteLocation</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
This code is executed before chain.doFilter(request, response):
    private void doBeforeProcessing(ServletRequest request, ServletResponse response)
            throws IOException, ServletException {
        if (debug) {
            log("AdminAuthFilter:DoBeforeProcessing");
        }
        HttpServletRequest _request = (HttpServletRequest) request;
        HttpSession session = _request.getSession();
        User user = (User) session.getAttribute("user");
        if (user == null) {
            //send redirect somewhere
            HttpServletResponse _response = (HttpServletResponse) response;
            _response.sendRedirect("login.jsp");
            return;
        }
    }
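My problem is that when I go to admin/addLocation without being logged in, I get an infinite redirect like this:
http://localhost:8080/PROJ/admin/admin/admin/admin...
Otherwise it works fine when I am logged in. Also, login.jsp is not located in the admin folder. Please help.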
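Best answer
Your entry point needs to be outside the filter. There is a problem with your redirect. It conflicts with chain.doFilter because user is null.
Here is a simple login filter that I use to check whether the user is logged in and in the session within a defined url-pattern.
Filter descriptor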
    <filter>
        <filter-name>AdminFilter</filter-name>
        <filter-class>com.AdminLoginFilter</filter-class>
        <description>Admin Login Filter</description>
        <init-param>
            <param-name>Admin_login_form</param-name>
            <param-value>/administration/login</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>AdminFilter</filter-name>
        <url-pattern>/administration/controlpanel/*</url-pattern>
    </filter-mapping>
Servlet filter
    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;

    // ControlPanelUser and PageConstants are the answerer's own application classes.
    public class AdminLoginFilter implements Filter {
        private FilterConfig filterConfig;
        private String loginForm; // path of the login form, read from the Admin_login_form init-param

        public void init(FilterConfig filterConfig) throws ServletException {
            this.filterConfig = filterConfig;
            loginForm = this.filterConfig.getInitParameter("Admin_login_form");
        }

        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpSession session = httpRequest.getSession();
            ControlPanelUser adminUser = (ControlPanelUser) session.getAttribute(PageConstants.CONTROL_PANEL_USER);
            if ((adminUser == null || adminUser.getBoId() < 1)) { // Send user to login form
                // Server-side forward to the login form, which is mapped outside the filtered url-pattern
                filterConfig.getServletContext().getRequestDispatcher(loginForm).forward(request, response);
            } else { // Send user to requested page
                chain.doFilter(request, response);
            }
        }

        public void destroy() {
            this.filterConfig = null;
        }
    }
Credential check
    public class CheckUserCredentialsCommand implements Command {
        public void execute(CommandContext commandContext) throws Exception {
            // Read and validate the submitted login form
            ILoginForm loginForm = new LoginForm();
            loginForm.populateFromForm(commandContext);
            List<ValidationMessage> messages = loginForm.validate();
            if (messages != null && messages.size() > 0) {
                commandContext.setScopedVariable(PageConstants.LOGIN_MESSAGES, messages, ScopedContext.REQUEST);
            } else {
                // Look up the user; on success store it in the session, where AdminLoginFilter reads it
                ControlPanelUser customer = ControlPanelUserDAO.selectControlPanelUser(loginForm.getEmailAddress(), loginForm.getPasswrd());
                if (customer != null) {
                    commandContext.setScopedVariable(PageConstants.CONTROL_PANEL_USER, customer, ScopedContext.SESSION);
                } else {
                    commandContext.setScopedVariable(PageConstants.LOGIN_MESSAGES, messages, ScopedContext.REQUEST);
                }
            }
            // Redirect to the page the user came from, or to the dashboard when coming from the login page.
            // Note: the Referer header is supplied by the client.
            String referer = commandContext.getRequest().getHeader("referer");
            if (referer != null) {
                referer = referer.substring(referer.lastIndexOf("/") + 1, referer.length());
                if ("login".equals(referer)) {
                    commandContext.redirect(commandContext.getServletContext().getContextPath() + "/administration/controlpanel/dashboard");
                } else {
                    commandContext.redirect(commandContext.getRequest().getHeader("referer"));
                }
            } else {
                commandContext.redirect(commandContext.getServletContext().getContextPath() + "/administration/controlpanel/dashboard");
            }
        }
    }
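My login entry point is http://www.mysite.com/administration/login. When I log in on that page, it submits to CheckUserCredentialsCommand, which is just a simple servlet. That servlet then tries to redirect to one of the pages behind the filter. The filter checks for the user: if the user is null it forwards back to the login page, and if there is a valid user it goes through the filter chain, which is where you were redirected from CheckUserCredentialsCommand. Your URL now looks like http://www.mysite.com/administration/controlpanel/dashboard. The dashboard page is behind the filter, and without a user you can never reach it.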
About java - Infinite loop when using a filter with a specific url-pattern: a similar question was found on Stack Overflow: https://stackoverflow.com/questions/16756294/