Servlet过滤器无法正常工作

时间:2014-09-01 10:39:41

标签: java mysql servlet-filters

我在Netbeans 7.4中创建了一个java web-app MySQL作为DB。我使用过滤器来控制未经授权的访问,但它无法正常工作。我有我的index.jsp(作为登录页面),home.jsp和Add_Details.jsp文件。我希望当session为null或者用户尝试访问其他页面(index.jsp除外)时,它们会重定向到index.jsp。但它不起作用。这是我的代码: -

AuthenticationFilter.java

package Filters;
 //all mandatory files are imported.

public class AuthenticationFilter implements Filter {

    private ServletContext context;

    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        this.context = fConfig.getServletContext();
        this.context.log("AuthenticationFilter initialized");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        String uri = req.getRequestURI();
        this.context.log("Requested Resource::" + uri);

        HttpSession session = req.getSession(false);

        if (session == null && !(uri.endsWith("index.jsp") || !uri.endsWith("Bucket/") || !uri.endsWith("LoginServlet"))) 
        {
            this.context.log("Unauthorized access request");
            res.sendRedirect("index.jsp");
        } else {
            // pass the request along the filter chain
            chain.doFilter(request, response);
        }

    }

    @Override
    public void destroy() {
        // close any resources here
    }
}

LogingRequestFilter.java

public class LoggingRequestFilter implements Filter {

    private ServletContext context;

    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        this.context = fConfig.getServletContext();
        this.context.log("RequestLoggingFilter initialized");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        Enumeration<String> params = req.getParameterNames();
        while (params.hasMoreElements()) {
            String name = params.nextElement();
            String value = request.getParameter(name);
            this.context.log(req.getRemoteAddr() + "::Request Params::{" + name
                    + "=" + value + "}");
        }

        Cookie[] cookies = req.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                this.context.log(req.getRemoteAddr() + "::Cookie::{"
                        + cookie.getName() + "," + cookie.getValue() + "}");
            }
        }
        // pass the request along the filter chain
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // we can close resources here
    }
}

Web.xml中

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <filter>
        <filter-name>LoggingRequestFilter</filter-name>
        <filter-class>com.org.king.Filters.LoggingRequestFilter</filter-class>
    </filter>
    <filter>
        <filter-name>AuthenticationFilter</filter-name>
        <filter-class>com.org.king.Filters.AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>LoggingRequestFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>AuthenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
  <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
</web-app>

2 个答案:

答案 0 :(得分:0)

我建议在Servlet过滤器中设置断点并遍历代码,以了解为什么执行流程没有进入“if”块:

if (session == null && !(uri.endsWith("index.jsp") || !uri.endsWith("Bucket/") || !uri.endsWith("LoginServlet"))) 
{

另外,如果你是从头开始实现这个,你可能想要保持像“DTSTTCPW”和“YAGNI”这样的思想原则。 * DTSTTCPW =做最简单的事情 ** YAGNI =你不需要它

捷克出局: Java Filter to redirect users who are not logged in to login page

答案 1 :(得分:0)

前几天我遇到了类似的问题。

以这种方式检查会话是否为空是不够的。你可能有一个绑定到该会话的对象。我有用户例如。在登录页面中,我将用户对象绑定到会话。

检查该对象是否为null。不要使用会话。

因为浏览器可能已创建会话或会话可能是新的,但您尚未向其提供任何登录信息。