Java 在jsp和Servlet过滤器中获取相同的会话对象?
我正在为jsp页面中的会话对象设置一个属性,如下所示:Java 在jsp和Servlet过滤器中获取相同的会话对象?,java,jsp,jakarta-ee,servlets,Java,Jsp,Jakarta Ee,Servlets,我正在为jsp页面中的会话对象设置一个属性,如下所示: String remoteAddr = request.getRemoteAddr(); session.setAttribute("remoteAddr",remoteAddr); 然后,我尝试在servlet过滤器中检索该会话属性: public void doFilter(ServletRequest request, ServletResponse response, FilterC
String remoteAddr = request.getRemoteAddr();
session.setAttribute("remoteAddr",remoteAddr);
然后,我尝试在servlet过滤器中检索该会话属性:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String remoteIP = httpServletRequest.getSession(false).getAttribute("remoteAddr");
}
但是我在这里得到了session对象的null值。在这里获取相同会话对象的正确方法是什么?该方法可能返回null
如果create为false并且请求没有有效的HttpSession,则此方法返回null
根据执行chain.doFilter(请求、响应)的时间,可以在请求资源之前或请求资源之后调用代码>
在您的情况下,您似乎在执行jsp之前查询会话,即执行以下操作:
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String remoteIP = (String) httpServletRequest.getSession(false).getAttribute("remoteAddr");
// pass the request along the filter chain
chain.doFilter(request, response);
String remoteIP= request.getRemoteAddr();
if(remoteIP.matches("some pattern")) {
((HttpServletResponse)response).setStatus(HttpServletResponse.SC_FORBIDDEN);
} else {
// pass the request along the filter chain
chain.doFilter(request, response);
}
改成
// pass the request along the filter chain
chain.doFilter(request, response);
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String remoteIP = (String) httpServletRequest.getSession(false).getAttribute("remoteAddr");
将使其正常工作,但我怀疑您是否打算这样做,因为您可能希望检查远程IP并决定是否允许访问或拒绝访问请求的资源,在这种情况下,您可能希望执行以下操作:
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String remoteIP = (String) httpServletRequest.getSession(false).getAttribute("remoteAddr");
// pass the request along the filter chain
chain.doFilter(request, response);
String remoteIP= request.getRemoteAddr();
if(remoteIP.matches("some pattern")) {
((HttpServletResponse)response).setStatus(HttpServletResponse.SC_FORBIDDEN);
} else {
// pass the request along the filter chain
chain.doFilter(request, response);
}
您确定request.getRemoteAddr()
一开始没有给您一个空值吗?