我实现了一个带有用户身份验证的简单 Web 应用程序,并尝试添加一个过滤器,在用户未登录时将其重定向到登录页面。过滤器在需要重定向时能正确重定向,但当用户已经登录时,仍然会被重定向到登录页面。
在不需要重定向的情况下,除了 filterChain#doFilter 之外,是否还需要调用某个特定的方法?或者我的代码中是否还有其他错误?
以下是相关的类和页面:
登录页面:
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <title>Login page</title>
  </head>
  <body>
    <!-- Posts username/password to the /login servlet (loginHandler). -->
    <form id="login-form" name="Login Form" action="login" method="post">
      <h2>login</h2>
      <label for="username">username</label>
      <input id="username" name="username" type="text" />
      <br>
      <label for="password">password</label>
      <input id="password" name="password" type="password" />
      <br>
      <input id="submitButton" type="submit" value="login" />
    </form>
  </body>
</html>
登录处理程序:
package control;
import model.User;
import repository.DAOFactory;
import repository.UserDAO;
import util.PasswordHasher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;
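@WebServlet(name = "loginHandler", urlPatterns = {"/login"})
public class loginHandler extends HttpServlet{
    /** Lifetime of the authenticated session (and of the username cookie), in seconds. */
    private static final int SESSION_TIMEOUT_SECONDS = 30 * 60;

    /**
     * Processes the login form: validates the submitted credentials, binds the
     * user name to a fresh session and stores a hash of that session's id on the
     * user record so that {@code authenticationFilter} can recognise the session.
     *
     * @param request  the form submission carrying {@code username} and {@code password}
     * @param response redirected to {@code page.html} on success, forwarded to
     *                 {@code error.html} on failure
     * @throws ServletException on a dispatch failure, or wrapping the I/O error
     *                          raised by the redirect/forward (previously only
     *                          printed and swallowed)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        UserDAO dao = DAOFactory.getInstance().getUserDAO();
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        try {
            // Missing fields never reach the DAO; they are treated like a failed login.
            if (username == null || password == null
                    || dao.validateUserLogin(username, password) <= 0) {
                request.getRequestDispatcher("error.html").forward(request, response);
                return;
            }

            // Session fixation: never promote a session that already existed
            // before the credentials were checked. Invalidate it and start a
            // fresh one, so the id hashed below was issued by this login only.
            HttpSession previous = request.getSession(false);
            if (previous != null) {
                previous.invalidate();
            }
            HttpSession session = request.getSession(true);
            session.setAttribute("username", username);
            session.setMaxInactiveInterval(SESSION_TIMEOUT_SECONDS);

            // Kept as in the original; nothing shown on this page reads this
            // cookie (the filter relies on the session attribute only).
            Cookie cookie = new Cookie("username", username);
            cookie.setMaxAge(SESSION_TIMEOUT_SECONDS);
            response.addCookie(cookie);

            User user = dao.getUserByUsername(username);
            if (user == null) {
                // Credentials validated but no record could be loaded: do not
                // leave a half-authenticated session behind.
                session.invalidate();
                request.getRequestDispatcher("error.html").forward(request, response);
                return;
            }
            // The filter recomputes this hash from the live session id and
            // compares it with the stored value. NOTE(review): that only works
            // if hashPassword(id, salt) is deterministic for a fixed salt and
            // updateUser persists the value unmodified — TODO confirm; if either
            // fails, every logged-in request is sent back to the login page.
            user.setLastHashedSessionID(PasswordHasher.hashPassword(session.getId(), user.getSalt()));
            dao.updateUser(user);
            response.sendRedirect("page.html");
        } catch (IOException e) {
            // Was printStackTrace(): surface the failure to the container, keeping the cause.
            throw new ServletException("Login dispatch failed for user '" + username + "'", e);
        }
    }
}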
身份验证过滤器:
package control;
import model.User;
import repository.DAOFactory;
import repository.UserDAO;
import util.PasswordHasher;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
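@WebFilter(urlPatterns = {"/page.html"})
public class authenticationFilter implements Filter{
    /** Session attribute under which {@code loginHandler} stores the logged-in user name. */
    private static final String USERNAME_ATTRIBUTE = "username";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to configure.
    }

    /**
     * Admits the request to {@code page.html} only when the session carries a
     * user name and the hash stored on that user at login matches a hash of
     * the current session id. Otherwise the request is forwarded to
     * {@code login.html} (a forward, so the browser URL stays on the protected
     * page). Non-HTTP requests are dropped without invoking the chain, which
     * matches the original fail-closed behaviour.
     *
     * @param request  the incoming request; only {@link HttpServletRequest} is handled
     * @param response the response, passed through to the forward or the chain
     * @param chain    the rest of the filter chain, invoked only for authenticated requests
     * @throws IOException      from the forward or the chain
     * @throws ServletException from the forward or the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            HttpServletRequest req = (HttpServletRequest) request;
            // getSession(false): an unauthenticated visitor must not get a
            // session created merely to be turned away.
            HttpSession session = req.getSession(false);
            Object usernameAttr = session == null ? null : session.getAttribute(USERNAME_ATTRIBUTE);

            System.out.print("Checking username in session...");
            if (usernameAttr == null) {
                System.out.println("FAILED!");
                System.out.println("Redirect needed, no username in session!");
                req.getRequestDispatcher("login.html").forward(request, response);
                return;
            }
            System.out.println("OK");

            UserDAO dao = DAOFactory.getInstance().getUserDAO();
            User user = dao.getUserByUsername(usernameAttr.toString());

            System.out.print("Checking session ID...");
            // A missing user record (previously an NPE) is treated as an invalid session.
            if (user == null || !sessionIdMatches(user, session.getId())) {
                System.out.println("FAILED!");
                System.out.println("Redirect needed, invalid session!");
                session.invalidate();
                req.getRequestDispatcher("login.html").forward(request, response);
                return;
            }
            System.out.println("OK");
            chain.doFilter(request, response);
        }
        System.out.println("end of doFilter!");
    }

    /**
     * Compares the session-id hash stored at login with a hash of the current
     * session id, in constant time so the comparison does not leak how much of
     * the stored value matched.
     *
     * @param user      the user loaded from the session's user name
     * @param sessionId the id of the current session
     * @return {@code true} when both hashes are present and byte-for-byte equal
     */
    private static boolean sessionIdMatches(User user, String sessionId) {
        String stored = user.getLastHashedSessionID();
        String current = PasswordHasher.hashPassword(sessionId, user.getSalt());
        if (stored == null || current == null) {
            return false;
        }
        // NOTE(review): this can only match if hashPassword is deterministic for
        // a fixed salt and updateUser persisted the stored hash unmodified —
        // TODO confirm; if either fails, every logged-in request lands here.
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                current.getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}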