0

我为我的拍卖网络应用程序制作了两个过​​滤器。我实现了两个过滤器,第一个执行简单的日志记录操作,第二个检查用户是否有权访问特定资源。

问题是这些过滤器只有在我第一次连接到网站时才能正常工作。事实上,它会在工具栏中显示用户的名称,并且只有在您正确登录时才会发生这种情况。之后,我注销并重复该过程,但第二个过滤器根本不起作用。

我放置了 println 语句来检查过滤器是否实际执行,但事实并非如此。第一个过滤器不断工作。当我更改 xml 映射时,会出现奇怪的部分。事实上,当我为两个过滤器取出映射时,第一个过滤器继续工作!我昨天一整天都在发疯,试图理解这一点。

更奇怪的是,如果我重写过滤器的 xml 映射,它们在第一次登录过程中都起作用,但是,一旦我注销并重复操作,登录过滤器就不再起作用了。为了制作我的 Web 应用程序,我只是 JAVA7、netbeans 7.2 和 Tomcat 7。我担心这可能是 Netbeans IDEA 的错误,但我不确定。

xml映射如下:

<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<filter>
    <filter-name>FiltroLoggingFumettopoli</filter-name>
    <filter-class>Filtri.FiltroLoggingFumettopoli</filter-class>
</filter>
<filter-mapping>
    <filter-name>FiltroLoggingFumettopoli</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
<filter>
    <filter-name>FiltroLogin</filter-name>
    <filter-class>Filtri.FiltroLogin</filter-class>
</filter>
<filter-mapping>
    <filter-name>FiltroLogin</filter-name>
    <url-pattern>/Registrato/*</url-pattern>
    <servlet-name>IlMioConto</servlet-name>
    <servlet-name>Vendi</servlet-name>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>**

这是在日志文件中进行日志记录的第一个过滤器:

private void doBeforeProcessing(ServletRequest request, ServletResponse response)
        throws IOException, ServletException {
    if (debug) {
        log("FiltroLoggingFumettopoli:DoBeforeProcessing");
    }


    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;


    this.log(httpRequest.getRemoteHost()+" is trying to access page: "+httpRequest.getRequestURL()+
                " il "+TimeUtility.ottieniDataOra()+". "+filterConfig.getFilterName());
    System.out.println("FILTRO FILE DI LOG----> LOGGING OCCURED IN LOG FILE: "
            +httpRequest.getRequestURL()+" il "+TimeUtility.ottieniDataOra()+". "+filterConfig.getFilterName());
}    

private void doAfterProcessing(ServletRequest request, ServletResponse response)
        throws IOException, ServletException {
    if (debug) {
        log("FiltroLoggingFumettopoli:DoAfterProcessing");
    }
}


public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain)
        throws IOException, ServletException {

    doBeforeProcessing(request, response);

    Throwable problem = null;
    try {
        chain.doFilter(request, response);
    } catch (Throwable t) {

        problem = t;
        t.printStackTrace();
    }

    doAfterProcessing(request, response);


    if (problem != null) {
        if (problem instanceof ServletException) {
            throw (ServletException) problem;
        }
        if (problem instanceof IOException) {
            throw (IOException) problem;
        }
        sendProcessingError(problem, response);
    }
}

这是一个过滤器,它检查是否是授权用户想要访问包含在 Registrato 文件夹中的资源,以及一些 servlet:

public class FiltroLogin implements Filter
{    
private FilterConfig filterConfig = null;

public void init(FilterConfig filterConfig)
{
    this.filterConfig = filterConfig;
}

public void doFilter(ServletRequest request,ServletResponse response, 
     FilterChain chain) throws IOException, ServletException
{

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    HttpSession sessione = httpRequest.getSession();

    ServletContext sc = filterConfig.getServletContext();

    String filterName = filterConfig.getFilterName();
    String servletPath = "Servlet path: " + httpRequest.getServletPath();

    String url ="";

    Utente user = null;
    user = (Utente) sessione.getAttribute("utente");
    if(user == null){

        Cookie[] cookies =httpRequest.getCookies();
        String email = CookieUtility.ottieniValoreCookie(cookies, "userCookie");
        if(email.equalsIgnoreCase("")){               
            System.out.println("FILTRO LOGIN----->NESSUN COOKIE TROVATO!");
            System.out.println("FILTRO LOGIN----->SERVLET CONTEXT: "+sc.getContextPath());


            url ="/MostraInserzioni";
            httpResponse.sendRedirect(sc.getContextPath()+url);
            return;
        }
        else{
            System.out.println("FILTRO LOGIN----->COOKIE TROVATO: "+email); 
            user = UtenteSql.cercaUtente(email);
            System.out.println("FILTRO LOGIN----->UTENTE TROVATO: "+user.getUsername());
            sessione.setAttribute("utente", user);     
            String salutoUtente = "Benvenuto "+user.getNome();
            sessione.setAttribute("messaggio", salutoUtente);

        }
    }
    else
        System.out.println("FILTRO LOGIN----->USER FOUND: "+user.getUsername());


     sc.log(httpRequest.getRemoteHost()+" cerca di accedere alla risorsa: "+httpRequest.getRequestURL()+
                " il "+TimeUtility.ottieniDataOra()+". "+filterConfig.getFilterName());
    System.out.println("FILTRO FILE DI LOG----> LOGGING OCCURED IN LOG FILE: "
            +httpRequest.getRequestURL()+" il "+TimeUtility.ottieniDataOra()+". "+filterConfig.getFilterName());
    chain.doFilter(request, response);

}

public void destroy()
{
     filterConfig = null;
}
}
4

1 回答 1

1

简单user = sessione == null ? null : (Utente) sessione.getAttribute("utente");和之后else {sessione = httpRequest.getSession(true);防止为非用户保留会话。– 乔普·埃根昨天

HttpSession sessione = httpRequest.getSession(false);
if (sessione == null) {
    System.out.println("FILTRO LOGIN----->USER NOT FOUND IN SESSION!");

– Salvatore Servodio 44 分钟前

然后我检查了饼干。如果我找到我需要的 cookie,我只需创建一个新会话并将用户信息放入会话中,否则我只需重定向到登录页面

于 2013-05-23T08:24:49.147 回答