我已经在 JSF问题中使用这个基本安全性实现了授权过滤器,如下所示,它为应用程序的每个页面(每个页面)调用,以检查是否允许用户访问该页面。过滤器的 Grunt 代码如下
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException
{
HttpServletRequest httpRequest = (HttpServletRequest)request;
HttpServletResponse httpResponse = (HttpServletResponse)response;
HttpSession session = httpRequest.getSession();
String requestPath = httpRequest.getPathInfo();
String sevPath = httpRequest.getServletPath();
if (sevPath.equals("/pages/login.jsf"))
chain.doFilter(request, response);
if (!sevPath.equals("/pages/login.jsf"))
{
if (((HttpServletRequest) request).getSession().getAttribute(
AuthenticationBean.AUTH_USER) == null)
{
((HttpServletResponse) response).sendRedirect("/pages/login.jsf");
}
else
{
//..........................get user
AuthenticationBean user = null;
try
{
error: user = (AuthenticationBean) FacesContext.getCurrentInstance().
getExternalContext().getSessionMap().get("authenticationBean");
}
catch (Exception ex)
{
ex.printStackTrace();
}
finally
{
}
//...................................
if (!user.getCurrentUser().getUserRole().equals("ADMIN"))
{
httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND,"Restricted Access");
}
else
{
chain.doFilter(request, response);
}
}
}
}
我在上面的代码中以错误为前缀的行得到 NullPointerException。我不能直接在过滤器中引用吗?或者还有什么可能是导致此错误的原因。提前致谢。