Question

嗨，我正在研究一个Web应用程序，并在调用web.xml中提到的servlet时遇到问题。

这是我的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">

     <servlet>
            <servlet-name>FileServlet</servlet-name>
            <servlet-class>com.tpg.fileserver.FileServlet</servlet-class>
     </servlet>
    <servlet-mapping>
            <servlet-name>FileServlet</servlet-name>
            <url-pattern>/*</url-pattern>
        </servlet-mapping>
    <filter>
            <filter-name>AuthorizationFilter</filter-name>
            <filter-class>com.tpg.fileserver.AuthorizationFilter</filter-class>
      </filter>
      <filter-mapping>
            <filter-name>AuthorizationFilter</filter-name>
            <url-pattern>/*</url-pattern>
      </filter-mapping>

  </web-app>

问题在于，当我尝试运行我的应用程序时，我希望首先运行Authroization Filter，然后运行File Servelet。现在正在发生的事情与我想要的相反。我也尝试使用0作为File Servelet但是没有帮助.Below提到的是我的Filter类代码。

public class AuthorizationFilter implements Filter  {

    private static final String kNotAuthorizedUrl = "/NotAuthorized.html";
    private static final String kTrustedHostsFileName = "trusted_hosts.txt";
    private static final String kPublicFilesFileName = "public_files.txt";

    private static final String TRUSTED_HOSTS = "TRUSTED_HOSTS";
    private static final String PUBLIC_FILES = "PUBLIC_FILES";
    private static Properties itsProperties = null;
    public static final String kPropertySingleSignOnURL = "sso-url";
    private static final String kPropertiesFileName = "metadata.properties";
    private static boolean itsInitialized = false;

    private static synchronized void initialize() {
        if (!itsInitialized) {
            try {
                ProductMetadataAPI.setProduct(Version.kProductName, Version.kPhysical);
                System.out.println("Inside Initialize");
                PersistenceAPI.isDebugging = true;
                JNDIConnectionFactory connFactory = new JNDIConnectionFactory("DataSource"); // IDB

                SingleSignOnAuthenticator.setAuthenticationUrl(ConfigurationUtils.getProperties().getProperty(kPropertySingleSignOnURL));

                SecurityAPI.setSecurity(
                    SecurityAPI.makeSecurity(
                        new StandardFactory(),
                        new PersistenceRepository(connFactory),
                        new CommonsBase64Codec(),
                        new SingleSignOnAuthenticator()));

                itsInitialized = true;
            } catch (Throwable e) {
                LoggerClass.logErr(e);
            }
        }
    }

    private void requestAuthentication(HttpServletResponse response) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.addHeader("WWW-Authenticate", "BASIC Realm=\"Single Sign-on\"");
        LoggerClass.logInfoMsg("SSO not set. redirecting to siteminder......");
    }


    public void doFilter(ServletRequest inRequest, ServletResponse inResponse, FilterChain chain) throws IOException, ServletException {
        try {
            HttpServletRequest request = (HttpServletRequest) inRequest;
            HttpServletResponse response = (HttpServletResponse) inResponse;
            System.out.println("Before Setting Serervlet Context");
            ConfigurationUtils.setCurrentServletContext(request.getSession().getServletContext());
            System.out.println("After Setting Serervlet Context");
            initialize();

            if (request instanceof HttpServletRequest && (request.getMethod().equals("GET") || request.getMethod().equals("POST"))) {
                String remoteHost = "", authorization = "", userName = "", password = "";
                HttpServletRequest r = (HttpServletRequest)request;
                Enumeration<String> e = r.getHeaderNames();
                while (e.hasMoreElements()) {
                    String headerName = e.nextElement();
                    LoggerClass.logInfoMsg(headerName + "=" + r.getHeader(headerName));
                }
                LoggerClass.logDebugMsg("Proxy-Client-IP is :" + r.getHeader("Proxy-Client-IP"));
                LoggerClass.logDebugMsg("Remote-Address-IP is :" + r.getRemoteAddr());


                remoteHost = r.getHeader("Proxy-Client-IP");
                if (remoteHost == null) {
                    remoteHost = r.getRemoteAddr();
                    LoggerClass.logDebugMsg("Remote-Address-IP ["+remoteHost + "] is requesting " + r.getRequestURI());
                }else{
                    LoggerClass.logDebugMsg("Proxy-Client-IP ["+remoteHost + "] is requesting " + r.getRequestURI());
                }

                authorization = r.getHeader("Authorization");
                if (authorization != null) {
                    final int index = authorization.indexOf(' ');
                    if (index > 0) {
                        final String[] credentials = StringUtils.split(new String(Base64.decodeBase64(authorization.substring(index))), ':');

                        if (credentials.length == 2) {
                            userName = credentials[0].toUpperCase();
                            password = credentials[1];
                        }
                    }
                }

                if (isSiteminderAuthenticationPresent(r)) {
                    LoggerClass.logInfoMsg("Inside Siteminder Logic ......");
                    chain.doFilter(request, response);
                    return;
                } else if (isPublic(request) || isTrusted(remoteHost)) {
                    LoggerClass.logInfoMsg("Inside Public/Trusted Host Logic ......");
                    chain.doFilter(request, response);
                    return;
                } else if (!isBasicAuthenticationPresent(userName, password)) {
                    LoggerClass.logInfoMsg("Failed in Basic Authentication Present.....");
                    requestAuthentication(response);
                } else if (!isBasicAuthenticationValid(r.getSession(), userName, password)) {
                    LoggerClass.logInfoMsg("Failed in Basic Authentication Validation.....");
                    requestAuthentication(response);
                } else {
                    chain.doFilter(request, response);
                }
            }
            response.sendRedirect(request.getContextPath() + kNotAuthorizedUrl);
        } catch (Exception e) {
            LoggerClass.logErr(e);
            throw new RuntimeException(e);
        }
    }
}

下面提到的是我的Servlet部分代码：

public class FileServlet extends HttpServlet
{
public FileServlet()
    {
         System.out.println("In fileServlet");
         this.itsRootDir = Common.getRequiredProperty(Common.kPropertyRootDir);
            // some business logic
    }
@Override public void doGet(HttpServletRequest inRequest, HttpServletResponse inResponse)
    throws ServletException, IOException
    {
        String theRelFileName = Common.extractFileName(inRequest, false);
        String theFileName = this.itsRootDir + theRelFileName;
        File theFile = new File(theFileName);
     //Some more Business Logic
}
}

下面是我在应用程序日志中获得的Sysout日志。在这里，我注意到一件奇怪的事首先调用File Servlet，然后是Authorization Filter，然后再调用File Servlet。

[8/8/14 0:54:05:109 EDT] 0000002b SystemOut     O In fileServlet
[8/8/14 0:54:05:161 EDT] 0000002b SystemOut     O In Authoriazation Filter
[8/8/14 0:54:05:232 EDT] 0000002b SystemOut     O In fileServlet

Answer 1

filters始终在webapp's启动期间按照web.xml中的定义初始化servlets。

url-pattern默认情况下仅在web.xml的第一个HTTP请求期间初始化。

因此，在这种情况下，首先会解析网络应用Filter，web.xml中找到的每个server's memory都会被创建一次并保存在/*

现在，当请求来自类似servlet的网址格式时，容器会查找该模式，找到servlet的映射，以便初始化filter。然后，为了处理请求，/*被调用。

要解决此问题，您可以更改servlet的url模式。当用户输入某些url模式时，如url pattern重定向到过滤器类，如果他成功进行身份验证，则重定向到使用其他error page指定的servlet或者重定向到{{1}}

Answer 2

上述问题的答案是FileServlet中存在的构造函数在执行过滤器之前正在调用。为了解决这个问题，我将构造函数更改为在Servlet的doget（）方法中调用的公共方法。在此更改之后，首先调用过滤器，然后调用servlet。

如何按顺序调用Servlet和Filter

2 个答案: