使用过滤器的Javaservlet重定向
我有以下问题: 我有一个带有登录表单的使用过滤器的Javaservlet重定向,java,servlets,servlet-filters,Java,Servlets,Servlet Filters,我有以下问题: 我有一个带有登录表单的index.html页面: <html> <head> <title>TODO supply a title</title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> &l
index.html
页面:
<html>
<head>
<title>TODO supply a title</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="css/css.css" type="text/css" rel="stylesheet"/>
</head>
<body>
<nav>
<form action="">
<label for="username">User: </label><input name ="username" type="text">
<label for="password">Password: </label><input name ="password" type="password">
<input type="submit" value="Vai">
</form>
</nav>
<section id ="page">
</section>
</body>
</html>
下面是f2
过滤器:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
if (debug) {
log("f2:doFilter()");
}
doBeforeProcessing(request, response);
HttpServletRequest req = (HttpServletRequest) request;
if(req.getSession().getAttribute("username") == null)
System.out.println("Attributo username = NULL");
if(!req.getParameter("username").equals("admin")){
System.out.println("Username is not ADMIN");
req.getRequestDispatcher("/payroll/public/dipendenti.html").forward(request, response);
}
else{
System.out.println("Username is ADMIN");
req.getRequestDispatcher("/payroll/private/stipendi.html").forward(request, response);
}
Throwable problem = null;
try {
chain.doFilter(request, response); return;
} catch (Throwable t) {
// If an exception is thrown somewhere down the filter chain,
// we still want to execute our after processing, and then
// rethrow the problem after that.
problem = t;
t.printStackTrace();
}
doAfterProcessing(request, response);
// If there was a problem, we want to rethrow it if it is
// a known type, otherwise log it.
if (problem != null) {
if (problem instanceof ServletException) {
throw (ServletException) problem;
}
if (problem instanceof IOException) {
throw (IOException) problem;
}
sendProcessingError(problem, response);
}
}
我重温了一些事情:
我有一个无限循环,因为我的过滤器f2
具有url模式=/*
,因此它捕获每个请求,对其进行细化,发送它,并重新匹配刚刚发送的相同请求。一遍又一遍
这名男子说,我必须将我的url模式
更改为其他模式。但是什么呢?如果我创建一个名为。。。比如说myRedirectServlet.java
,在index.html
:action=“myRedirectServlet”
或只是action=“/payroll/”
,而不创建任何servlet?
我很抱歉,但我很困惑
请帮帮我你所做的事不符合安全利益。你应该利用的概念-但让我们把它留到另一天
编辑:我总是被重定向到
/payroll/public/dipendenti.html
,即使我的用户名不是“admin”,我也不知道为什么,我刚刚开始学习它,所以在这一点上我并没有真正考虑安全性。顺便说一下,在我的表单action
字段中添加我想要到达的页面的路径:/payroll/private/stipendi.html
,然后放入else
语句chain.doFilter(请求、响应)代码>但我总是被重定向到/payroll/private/stipendi.html
。。。我不明白为什么
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
if (debug) {
log("f2:doFilter()");
}
doBeforeProcessing(request, response);
HttpServletRequest req = (HttpServletRequest) request;
if(req.getSession().getAttribute("username") == null)
System.out.println("Attributo username = NULL");
if(!req.getParameter("username").equals("admin")){
System.out.println("Username is not ADMIN");
req.getRequestDispatcher("/payroll/public/dipendenti.html").forward(request, response);
}
else{
System.out.println("Username is ADMIN");
req.getRequestDispatcher("/payroll/private/stipendi.html").forward(request, response);
}
Throwable problem = null;
try {
chain.doFilter(request, response); return;
} catch (Throwable t) {
// If an exception is thrown somewhere down the filter chain,
// we still want to execute our after processing, and then
// rethrow the problem after that.
problem = t;
t.printStackTrace();
}
doAfterProcessing(request, response);
// If there was a problem, we want to rethrow it if it is
// a known type, otherwise log it.
if (problem != null) {
if (problem instanceof ServletException) {
throw (ServletException) problem;
}
if (problem instanceof IOException) {
throw (IOException) problem;
}
sendProcessingError(problem, response);
}
}