我正面临过滤器身份验证问题,我已经使用过滤器身份验证来验证用户是否可以访问应用程序,但问题是我正在开发该Web应用程序的API,如果用户未登录Web我的API不工作它重定向到用户登录,如何处理这个,我尝试了很多方法来处理这个问题,但没有找到完整的结果。
这是我的web.xml:
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.web.product.login.AuthorizationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这是授权过滤器:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
HttpServletRequest req = (HttpServletRequest) request;
UserLoginBean auth = (UserLoginBean) req.getSession().getAttribute("user");
System.out.println("req.getRequestURI()="+req.getRequestURI());
if ((auth != null && auth.isLoggedIn())
|| req.getRequestURI().startsWith("/Product/UserLogin.xhtml")
|| req.getRequestURI().startsWith("/Product/javax.faces.resource")
){
System.out.println("Filter Success");
chain.doFilter(request, response);
} else {
System.out.println("Filter failure");
HttpServletResponse res = (HttpServletResponse) response;
res.sendRedirect(req.getContextPath() + "/UserLogin.xhtml");
}
}