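My filter is going into an infinite loop. The url pattern is not generic. I can't seem to figure out why it is causing this. Here is the mapping for my filter: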

<filter>
    <filter-name>AdminAuthentication</filter-name>
    <filter-class>my.filters.AdminAuthFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>AdminAuthentication</filter-name>
    <url-pattern>/admin/addLocation</url-pattern>
    <url-pattern>/admin/deleteLocation</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

This code executes before chain.doFilter(request, response):

private void doBeforeProcessing(ServletRequest request, ServletResponse response)
        throws IOException, ServletException {
    if (debug) {
        log("AdminAuthFilter:DoBeforeProcessing");
    }

    HttpServletRequest _request = (HttpServletRequest) request;
    HttpSession session = _request.getSession();
    User user = (User) session.getAttribute("user"); 

    if(user == null) {
        //send redirect somewhere
        HttpServletResponse _response = (HttpServletResponse) response; 
        _response.sendRedirect("login.jsp"); 
        return; 
    }
}    

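My problem is that when I go to admin/addLocation without being logged in, I get an infinite redirect, http://localhost:8080/PROJ/admin/admin/admin/admin... Otherwise, when I am logged in, it works fine. login.jsp is also not in the admin folder. Please help.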

1 Answer

Your entry point needs to be outside of your filter. Your redirect is most likely fighting with chain.doFilter, since the user is null.

Here is a simple login filter I use to check whether the user is logged in and in the session within a defined url pattern.

Filter descriptor

<filter>
    <filter-name>AdminFilter</filter-name>
    <filter-class>com.AdminLoginFilter</filter-class>
    <description>Admin Login Filter</description>
    <init-param>
        <param-name>Admin_login_form</param-name>
        <param-value>/administration/login</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>AdminFilter</filter-name>
    <url-pattern>/administration/controlpanel/*</url-pattern>
</filter-mapping>

Servlet filter

public class AdminLoginFilter implements Filter {

private FilterConfig filterConfig;
private String loginForm; 

public void init(FilterConfig filterConfig) throws ServletException {
    this.filterConfig = filterConfig;
    loginForm = this.filterConfig.getInitParameter("Admin_login_form");
}

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpSession session = httpRequest.getSession();

    ControlPanelUser adminUser = (ControlPanelUser) session.getAttribute(PageConstants.CONTROL_PANEL_USER); 

    if ((adminUser == null || adminUser.getBoId() < 1)) { //Send user to login form
        filterConfig.getServletContext().getRequestDispatcher(loginForm).forward(request, response); 
    } else {// Send user to requested page
        chain.doFilter(request,response); 
    }

}

public void destroy() {
    this.filterConfig = null;
}
}

Credential check

public class CheckUserCredentialsCommand implements Command {
public void execute(CommandContext commandContext) throws Exception {

    ILoginForm loginForm = new LoginForm();
    loginForm.populateFromForm(commandContext);

    List<ValidationMessage> messages = loginForm.validate();

    if(messages != null && messages.size() > 0){
        commandContext.setScopedVariable(PageConstants.LOGIN_MESSAGES, messages, ScopedContext.REQUEST);
    } else {        
        ControlPanelUser customer = ControlPanelUserDAO.selectControlPanelUser(loginForm.getEmailAddress(), loginForm.getPasswrd());
        if(customer != null){
            commandContext.setScopedVariable(PageConstants.CONTROL_PANEL_USER, customer, ScopedContext.SESSION);
        } else {
            commandContext.setScopedVariable(PageConstants.LOGIN_MESSAGES, messages, ScopedContext.REQUEST);
        }
    }
    String referer = commandContext.getRequest().getHeader("referer");
    if(referer != null){
        referer = referer.substring(referer.lastIndexOf("/") + 1, referer.length());
        if("login".equals(referer)){
            commandContext.redirect(commandContext.getServletContext().getContextPath()+"/administration/controlpanel/dashboard");
        } else {
            commandContext.redirect(commandContext.getRequest().getHeader("referer"));
        }
    } else {
        commandContext.redirect(commandContext.getServletContext().getContextPath()+"/administration/controlpanel/dashboard");
    }
}

}

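My login entry point is http://www.mysite.com/administration/login. When I log in on that page, it submits to CheckUserCredentialsCommand, which is just a simple servlet. That servlet then tries to redirect to one of the pages behind the filter. The filter checks for the user; if the user is null it forwards back to the login page, and if there is a valid user it goes through the filter chain, which is your redirect from CheckUserCredentialsCommand, and now your URL looks like http://www.mysite.com/administration/controlpanel/dashboard. The dashboard page is behind the filter, and if there is no user you will never be able to reach that page.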

Answered 2013-05-26T05:04:29.890
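
An added example, not part of the question or the answer: a JDK-only check of where a sendRedirect() argument lands and whether that target is itself covered by the filter mapping, which is the condition the answer describes as the entry point needing to be outside the filter. The class name and the `/admin/*` mapping are constructed for illustration; the request URL, context path and exact patterns come from the question.

```java
import java.net.URI;
import java.util.List;

public class RedirectTargetCheck {

    // Servlet url-pattern matching for the three common forms:
    // exact path, path prefix ("/dir/*"), and extension ("*.ext").
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            return path.endsWith(pattern.substring(1));
        }
        return pattern.equals(path);
    }

    // Resolve a sendRedirect() argument against the current request URL and
    // return the resulting path (a relative value resolves against the request URI).
    static String resolvedPath(String requestUrl, String location) {
        return URI.create(requestUrl).resolve(location).getPath();
    }

    // True when the redirect target is itself covered by the filter mapping,
    // i.e. an unauthenticated request would be intercepted and redirected again.
    static boolean hitsFilter(String contextPath, String resolved, List<String> patterns) {
        if (!resolved.startsWith(contextPath + "/")) return false; // outside the webapp
        String inApp = resolved.substring(contextPath.length());
        return patterns.stream().anyMatch(p -> matches(p, inApp));
    }

    public static void main(String[] args) {
        String ctx = "/PROJ";
        String req = "http://localhost:8080/PROJ/admin/addLocation";
        List<String> asMapped = List.of("/admin/addLocation", "/admin/deleteLocation");
        List<String> wildcard = List.of("/admin/*"); // constructed variant of the mapping

        // Compare the relative target from the question with a context-rooted one.
        for (String location : List.of("login.jsp", ctx + "/login.jsp")) {
            String target = resolvedPath(req, location);
            System.out.printf("%-18s -> %-24s mapped=%b wildcard=%b%n", location, target,
                    hitsFilter(ctx, target, asMapped), hitsFilter(ctx, target, wildcard));
        }
    }
}
```

Inside a filter, building the target from `request.getContextPath()` keeps the redirect independent of the path of the request being filtered.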