我的过滤器无限循环。 url-pattern不是通用的。我似乎无法弄清楚为什么会造成这种情况。这是我的过滤器的映射
<filter>
<filter-name>AdminAuthentication</filter-name>
<filter-class>my.filters.AdminAuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AdminAuthentication</filter-name>
<url-pattern>/admin/addLocation</url-pattern>
<url-pattern>/admin/deleteLocation</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
此代码在chain.doFilter(request, response)
private void doBeforeProcessing(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
if (debug) {
log("AdminAuthFilter:DoBeforeProcessing");
}
HttpServletRequest _request = (HttpServletRequest) request;
HttpSession session = _request.getSession();
User user = (User) session.getAttribute("user");
if(user == null) {
//send redirect somewhere
HttpServletResponse _response = (HttpServletResponse) response;
_response.sendRedirect("login.jsp");
return;
}
}
我的问题是当我在没有登录的情况下进入admin / addLocation时,我得到了无限重定向
http://localhost:8080/PROJ/admin/admin/admin/admin...否则它在我登录时工作正常。 login.jsp也不在admin文件夹中。请帮忙。
答案 0 :(得分:1)
您的入口点必须在过滤器之外。您的重定向是可能的。由于用户为空的事实而与chain.doFilter作斗争。
这是一个简单的登录过滤器,用于检查用户是否已登录并在定义的url模式中的会话中。
过滤器描述符
<filter>
<filter-name>AdminFilter</filter-name>
<filter-class>com.AdminLoginFilter</filter-class>
<description>Admin Login Filter</description>
<init-param>
<param-name>Admin_login_form</param-name>
<param-value>/administration/login</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>AdminFilter</filter-name>
<url-pattern>/administration/controlpanel/*</url-pattern>
</filter-mapping>
Servlet过滤器
public class AdminLoginFilter implements Filter {
private FilterConfig filterConfig;
private String loginForm;
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
loginForm = this.filterConfig.getInitParameter("Admin_login_form");
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpSession session = httpRequest.getSession();
ControlPanelUser adminUser = (ControlPanelUser) session.getAttribute(PageConstants.CONTROL_PANEL_USER);
if ((adminUser == null || adminUser.getBoId() < 1)) { //Send user to login form
filterConfig.getServletContext().getRequestDispatcher(loginForm).forward(request, response);
} else {// Send user to requested page
chain.doFilter(request,response);
}
}
public void destroy() {
this.filterConfig = null;
}
}
凭证检查
public class CheckUserCredentialsCommand implements Command {
public void execute(CommandContext commandContext) throws Exception {
ILoginForm loginForm = new LoginForm();
loginForm.populateFromForm(commandContext);
List<ValidationMessage> messages = loginForm.validate();
if(messages != null && messages.size() > 0){
commandContext.setScopedVariable(PageConstants.LOGIN_MESSAGES, messages, ScopedContext.REQUEST);
} else {
ControlPanelUser customer = ControlPanelUserDAO.selectControlPanelUser(loginForm.getEmailAddress(), loginForm.getPasswrd());
if(customer != null){
commandContext.setScopedVariable(PageConstants.CONTROL_PANEL_USER, customer, ScopedContext.SESSION);
} else {
commandContext.setScopedVariable(PageConstants.LOGIN_MESSAGES, messages, ScopedContext.REQUEST);
}
}
String referer = commandContext.getRequest().getHeader("referer");
if(referer != null){
referer = referer.substring(referer.lastIndexOf("/") + 1, referer.length());
if("login".equals(referer)){
commandContext.redirect(commandContext.getServletContext().getContextPath()+"/administration/controlpanel/dashboard");
} else {
commandContext.redirect(commandContext.getRequest().getHeader("referer"));
}
} else {
commandContext.redirect(commandContext.getServletContext().getContextPath()+"/administration/controlpanel/dashboard");
}
}
}
我的登录条目是http://www.mysite.com/administration/login,当我登录该页面时,它会提交给CheckUserCredentialsCommand,它只是一个简单的servlet。然后该servlet尝试将页面重定向到过滤器后面的一个页面。在过滤器中它检查用户,如果用户为空它转发回登录页面,如果有一个有效用户它通过过滤器链,这是你从CheckUserCredentialsCommand重定向,现在你的url看起来像{{3 ,仪表板页面位于过滤器后面,如果没有用户,则永远无法访问该页面。