Java 会话不会失效
我正在尝试编写一个过滤器,它检查用户是否已登录,万一并没有将其重定向到登录页面。以前我有一个过滤器,它实际上什么都没做-u-在这里,有了这个过滤器,一切正常,会话无效:Java 会话不会失效,java,servlet-filters,httpsession,Java,Servlet Filters,Httpsession,我正在尝试编写一个过滤器,它检查用户是否已登录,万一并没有将其重定向到登录页面。以前我有一个过滤器,它实际上什么都没做-u-在这里,有了这个过滤器,一切正常,会话无效: public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (Htt
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpSession session = request.getSession();
if (session == null || session.getAttribute("UserName") == null) {
String command = request.getParameter("command");
request.setAttribute("command", "login");
// String page = ConfigurationManager.getInstance().getProperty(
// ConfigurationManager.LOGIN_PAGE_PATH);
} else {
String username = (String) session.getAttribute("UserName");
UserRole role;
try {
role = UserDAOImpl.getUserRole(username);
session.setAttribute("role", role);
} catch (DAOTechnicException e) {
logger.error(e);
} catch (DAOLogicException e) {
logger.error(e);
}
}
chain.doFilter(req, res);
}
当我使会话无效时,它进入(若会话==null)块,一切正常
但现在我有了另一个过滤器,它是:
public class UserCheckFilter implements Filter {
static class FilteredRequest extends HttpServletRequestWrapper {
public FilteredRequest(ServletRequest request) {
super((HttpServletRequest) request);
}
public String getParameter(String paramName) {
String value = super.getParameter(paramName);
if(value!=null){
if (value.equals("login")) {
return value;
}
HttpSession session = super.getSession();
if (session == null || session.getAttribute("UserName") == null) {
value = "login";
}
}
return value;
}
}
/**
* Checks if user logged in and if not redirects to login page
*/
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpSession session = request.getSession(false);
if (session == null || session.getAttribute("UserName") == null) {
if(request.getParameter("command")!=null){
String command = request.getParameter("command");
if(!command.equals("login")){
FilteredRequest filtrequest = new FilteredRequest(request);
String filteredvalue = filtrequest.getParameter("command");
chain.doFilter(filtrequest, res);
}else{
chain.doFilter(req, res);
}
}else{
chain.doFilter(req, res);
}
} else {
String username = (String) session.getAttribute("UserName");
UserRole role;
chain.doFilter(req, res);
try {
role = UserDAOImpl.getUserRole(username);
session.setAttribute("role", role);
} catch (DAOTechnicException e) {
logger.error(e);
} catch (DAOLogicException e) {
logger.error(e);
}
}
}
在其中,我包装getParameter方法并检查未登录的用户是否正在尝试转到用户或管理员页面。但当我使会话失效时,它不会失效,即所有参数保持不变,然后在过滤器中检查会话是否有效!=null,它不是null,并且在session.setAttribute(“role”,role)行中;我得到异常“会话已无效”
以下是我使会话无效的方法:
if(request.getSession(false)!=null){
request.getSession().invalidate();
}
String page = ConfigurationManager.getInstance().getProperty(
ConfigurationManager.LOGIN_PAGE_PATH);
return page;
在你使用的servlet中
RequestDispatcher dispatcher = getServletContext()
.getRequestDispatcher(page);
dispatcher.forward(request, response);
顺便说一句,只有使用第二个筛选器,才会出现会话无效的情况
p、 很抱歉问了个愚蠢的问题,但我真的不知道怎么了,
因此,任何建议都将不胜感激。我认为这是因为您总是调用chain.doFilter() 根据Oracle的文档 此方法的典型实现如下所示 模式:-