我在Netbeans 7.4中创建了一个java web-app MySQL作为DB。我使用过滤器来控制未经授权的访问,但它无法正常工作。我有我的index.jsp(作为登录页面),home.jsp和Add_Details.jsp文件。我希望当session为null或者用户尝试访问其他页面(index.jsp除外)时,它们会重定向到index.jsp。但它不起作用。这是我的代码: -
AuthenticationFilter.java
package Filters;
//all mandatory files are imported.
public class AuthenticationFilter implements Filter {
private ServletContext context;
@Override
public void init(FilterConfig fConfig) throws ServletException {
this.context = fConfig.getServletContext();
this.context.log("AuthenticationFilter initialized");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String uri = req.getRequestURI();
this.context.log("Requested Resource::" + uri);
HttpSession session = req.getSession(false);
if (session == null && !(uri.endsWith("index.jsp") || !uri.endsWith("Bucket/") || !uri.endsWith("LoginServlet")))
{
this.context.log("Unauthorized access request");
res.sendRedirect("index.jsp");
} else {
// pass the request along the filter chain
chain.doFilter(request, response);
}
}
@Override
public void destroy() {
// close any resources here
}
}
LogingRequestFilter.java
public class LoggingRequestFilter implements Filter {
private ServletContext context;
@Override
public void init(FilterConfig fConfig) throws ServletException {
this.context = fConfig.getServletContext();
this.context.log("RequestLoggingFilter initialized");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
Enumeration<String> params = req.getParameterNames();
while (params.hasMoreElements()) {
String name = params.nextElement();
String value = request.getParameter(name);
this.context.log(req.getRemoteAddr() + "::Request Params::{" + name
+ "=" + value + "}");
}
Cookie[] cookies = req.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
this.context.log(req.getRemoteAddr() + "::Cookie::{"
+ cookie.getName() + "," + cookie.getValue() + "}");
}
}
// pass the request along the filter chain
chain.doFilter(request, response);
}
@Override
public void destroy() {
// we can close resources here
}
}
Web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>LoggingRequestFilter</filter-name>
<filter-class>com.org.king.Filters.LoggingRequestFilter</filter-class>
</filter>
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>com.org.king.Filters.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoggingRequestFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>
答案 0 :(得分:0)
我建议在Servlet过滤器中设置断点并遍历代码,以了解为什么执行流程没有进入“if”块:
if (session == null && !(uri.endsWith("index.jsp") || !uri.endsWith("Bucket/") || !uri.endsWith("LoginServlet")))
{
另外,如果你是从头开始实现这个,你可能想要保持像“DTSTTCPW”和“YAGNI”这样的思想原则。 * DTSTTCPW =做最简单的事情 ** YAGNI =你不需要它
捷克出局: Java Filter to redirect users who are not logged in to login page
答案 1 :(得分:0)
前几天我遇到了类似的问题。
以这种方式检查会话是否为空是不够的。你可能有一个绑定到该会话的对象。我有用户例如。在登录页面中,我将用户对象绑定到会话。
检查该对象是否为null。不要使用会话。
因为浏览器可能已创建会话或会话可能是新的,但您尚未向其提供任何登录信息。