我是servlet过滤器的新手,我在使用过滤器时遇到了项目中的问题。 我有两个过滤器,AuthenticationFilter和AuthorizationFilter。它们应用于我的netbeans项目中的/ user / *页面,在那里我为每种类型的用户创建了一个索引页面。第一个过滤器进行检查,以便只有经过身份验证的用户才能访问用户页面。然后,第二个过滤器检查所请求的ulr是否对该用户有效并相应地重定向。您可以在下面找到每个过滤器的doFilter方法:
身份验证过滤器:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException
{
HttpServletRequest req = ( HttpServletRequest )request;
HttpServletResponse resp = ( HttpServletResponse ) response;
HttpSession ses = req.getSession( false );
User user = ( User )req.getSession().getAttribute( "user" );
//String url = req.getRequestURI();
if( user == null )
resp.sendRedirect( req.getContextPath()+ "/index.xhtml" );
else
chain.doFilter ( request, response );
}
授权过滤器:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException
{
HttpServletRequest req = ( HttpServletRequest )request;
HttpServletResponse resp = ( HttpServletResponse ) response;
HttpSession ses = req.getSession( false );
User user = ( User )req.getSession().getAttribute( "user" );
String url = req.getRequestURI();
Role role = ( Role ) user.getRole();
if( role != null )
{
int roleId = role.getRoleId();
switch( roleId )
{
case 13:
{
resp.sendRedirect( req.getContextPath()+ "/user/studentIndex.xhtml" );
};break;
case 12:
{
resp.sendRedirect( req.getContextPath()+ "/user/instructorIndex.xhtml" );
};break;
case 11:
{
resp.sendRedirect( req.getContextPath()+ "/user/staffIndex.xhtml" );
};break;
}
}
else
chain.doFilter ( request, response );
}
显然,授权过滤器中的sendRedirect方法会触发身份验证过滤器,因为它们都适用于/ user / *页面,我最终会进入无限循环!我知道将认证和授权逻辑放在同一个过滤器中可以解决我的问题,但有没有办法通过保留两个过滤器来解决它?
提前致谢。