无法编写用于登录的过滤器
Unable to write a Filter which serves for Login
我写了一个过滤器并在 web.xml 下声明了它,如下所示
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<filter>
<display-name>SessionAuthenticationFilter</display-name>
<filter-name>SessionAuthenticationFilter</filter-name>
<filter-class>com.jsp.auth.SessionAuthenticationFilter</filter-class>
<init-param>
<param-name>skipthis</param-name>
<param-value>01-login.html</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SessionAuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
这是我的过滤器文件
package com.jsp.auth;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SessionAuthenticationFilter implements Filter {
private FilterConfig filterConfig = null;
public SessionAuthenticationFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(true);
String loginpageuri = filterConfig.getInitParameter("skipthis");
String requesturi = request.getRequestURI();
System.out.println("The requesturi is"+requesturi);
if(!requesturi.endsWith(loginpageuri))
{
String isloggoed = (String)session.getAttribute("LOGIN_USER");
System.out.println("The isloggoed value is"+isloggoed);
if(isloggoed==null||isloggoed.equals("")||isloggoed.isEmpty())
{
response.sendRedirect("http://xxx.xx.xx:8080/admin/01-login.html");
return ;
}
else
{
chain.doFilter(req, res);
}
}
else
{
chain.doFilter(req, res);
}
}
public void init(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
}
}
这些是我在服务器控制台中获得的日志。 (它还阻止所有 .css .js 文件)
The isloggoed value isnull
The requesturi is/AdminE/assets/css/style-metro.css
The isloggoed value isnull
The requesturi is/AdminE/assets/css/style-responsive.css
The isloggoed value isnull
The requesturi is/AdminE/assets/css/themes/default.css
The isloggoed value isnull
如果我在 web.xml 中将 url-pattern 更改为这种方式
/*.html
我收到 HTTP 状态 404 - /AdminE/01-login.html
谁能帮我解决这个问题?
根据Java Servlet Specification,url-pattern应该是:
- A string beginning with a ‘/’ character and ending with a ‘/*’ suffix is used for path mapping.
- A string beginning with a ‘*.’ prefix is used as an extension mapping.
- The empty string ("") is a special URL pattern that exactly maps to the application's context root, i.e., requests of the form
http://host:port/<contextroot>/. In this case the path info is ’/’ and
the servlet path and context path is empty string ("").
- A string containing only the ’/’ character indicates the "default" servlet of the application. In this case the servlet path is the
request URI minus the context path and the path info is null.
- All other strings are used for exact matches only.
因此,据此,模式 /*.html 将按字面解释,而 * 将不会充当通配符。尝试使用 *.html 代替(没有前导斜杠)。
如果我正确理解了您的问题,那么您正试图将过滤器用作保护整个应用程序的登录服务。如果不想重复造轮子,也可以看看优秀的shiro or Spring security.
如果你喜欢自己滚动,你应该给你的过滤器更多参数:
- 登录页面的地址(它必须让它通过并在以前未登录时重定向到它)- 好的,你有它
- 要忽略的模式列表,因为 servlet 规范(请参阅 David Levesque 的回答)不够通用 - 或者,您可以使用正逻辑来提供要过滤的模式列表。使用简单的扩展名(.js、.css、.gif、...)比使用完整模式要简单得多,因为
String.endsWith 就足够了。
我还建议您在 Filter.init 方法中完成所有参数管理,而不是为每个请求重复它。通常在您的代码中,属性应该是 String loginpageuri,而 init 方法应该是:
public void init(FilterConfig filterConfig) {
loginpageuri = filterConfig.getInitParameter("skipthis");
}
我写了一个过滤器并在 web.xml 下声明了它,如下所示
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<filter>
<display-name>SessionAuthenticationFilter</display-name>
<filter-name>SessionAuthenticationFilter</filter-name>
<filter-class>com.jsp.auth.SessionAuthenticationFilter</filter-class>
<init-param>
<param-name>skipthis</param-name>
<param-value>01-login.html</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SessionAuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
这是我的过滤器文件
package com.jsp.auth;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SessionAuthenticationFilter implements Filter {
private FilterConfig filterConfig = null;
public SessionAuthenticationFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(true);
String loginpageuri = filterConfig.getInitParameter("skipthis");
String requesturi = request.getRequestURI();
System.out.println("The requesturi is"+requesturi);
if(!requesturi.endsWith(loginpageuri))
{
String isloggoed = (String)session.getAttribute("LOGIN_USER");
System.out.println("The isloggoed value is"+isloggoed);
if(isloggoed==null||isloggoed.equals("")||isloggoed.isEmpty())
{
response.sendRedirect("http://xxx.xx.xx:8080/admin/01-login.html");
return ;
}
else
{
chain.doFilter(req, res);
}
}
else
{
chain.doFilter(req, res);
}
}
public void init(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
}
}
这些是我在服务器控制台中获得的日志。 (它还阻止所有 .css .js 文件)
The isloggoed value isnull
The requesturi is/AdminE/assets/css/style-metro.css
The isloggoed value isnull
The requesturi is/AdminE/assets/css/style-responsive.css
The isloggoed value isnull
The requesturi is/AdminE/assets/css/themes/default.css
The isloggoed value isnull
如果我在 web.xml 中将 url-pattern 更改为这种方式 /*.html
我收到 HTTP 状态 404 - /AdminE/01-login.html
谁能帮我解决这个问题?
根据Java Servlet Specification,url-pattern应该是:
- A string beginning with a ‘/’ character and ending with a ‘/*’ suffix is used for path mapping.
- A string beginning with a ‘*.’ prefix is used as an extension mapping.
- The empty string ("") is a special URL pattern that exactly maps to the application's context root, i.e., requests of the form
http://host:port/<contextroot>/. In this case the path info is ’/’ and the servlet path and context path is empty string ("").- A string containing only the ’/’ character indicates the "default" servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null.
- All other strings are used for exact matches only.
因此,据此,模式 /*.html 将按字面解释,而 * 将不会充当通配符。尝试使用 *.html 代替(没有前导斜杠)。
如果我正确理解了您的问题,那么您正试图将过滤器用作保护整个应用程序的登录服务。如果不想重复造轮子,也可以看看优秀的shiro or Spring security.
如果你喜欢自己滚动,你应该给你的过滤器更多参数:
- 登录页面的地址(它必须让它通过并在以前未登录时重定向到它)- 好的,你有它
- 要忽略的模式列表,因为 servlet 规范(请参阅 David Levesque 的回答)不够通用 - 或者,您可以使用正逻辑来提供要过滤的模式列表。使用简单的扩展名(.js、.css、.gif、...)比使用完整模式要简单得多,因为
String.endsWith就足够了。
我还建议您在 Filter.init 方法中完成所有参数管理,而不是为每个请求重复它。通常在您的代码中,属性应该是 String loginpageuri,而 init 方法应该是:
public void init(FilterConfig filterConfig) {
loginpageuri = filterConfig.getInitParameter("skipthis");
}