登录时索引页上的JSF ServletFilter限制
每次调用“受限”文件夹中的文件时,我都会调用这个servlet过滤器servlet登录时索引页上的JSF ServletFilter限制,jsf,servlets,web.xml,Jsf,Servlets,Web.xml,每次调用“受限”文件夹中的文件时,我都会调用这个servlet过滤器servlet /* * To change this template, choose Tools | Templates * and open the template in the editor. */ package com.shadibandhan.ControllerLayer; import java.io.IOException; import java.util.ArrayList; import ja
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package com.shadibandhan.ControllerLayer;
import java.io.IOException;
import java.util.ArrayList;
import java.util.StringTokenizer;
import javax.servlet.*;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
*
* @author MUDASSIR
*/
public class SessionFilter implements Filter {
private ArrayList<String> urlList;
@Override
public void init(FilterConfig config) throws ServletException {
System.out.println("****************************************");
System.out.println("***Session Filter Servlet initialized***");
System.out.println("****************************************");
String urls = config.getInitParameter("avoid-urls");
System.out.println("The urls to avoid are = " + urls);
StringTokenizer token = new StringTokenizer(urls, ",");
urlList = new ArrayList<String>();
while (token.hasMoreTokens()) {
urlList.add(token.nextToken());
}
}
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
System.out.println("This is the doFilter method");
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String servletPath = request.getServletPath();
String contextPath = request.getContextPath();
String remoteHost = request.getRemoteHost();
String url = contextPath + servletPath;
System.out.println("-----------------> Servlet path is = " + servletPath);
System.out.println("-----------------> Context path is " + contextPath);
System.out.println("-----------------> URL is " + url);
System.out.println("-----------------> Remote Host is " + remoteHost);
boolean allowedRequest = false;
if (urlList.contains(servletPath)) {
allowedRequest = true;
}
if (!allowedRequest) {
HttpSession session = request.getSession(false);
if (null == session) {
System.out.println("Session is not present");
response.sendRedirect(contextPath);
return;
}
if (null != session) {
//String loggedIn = (String) session.getAttribute("sb_logged_in");
System.out.println("Session is present");
System.out.println("\nSession no. is = " + session.getId());
if (session.getAttribute("logged-in") == "true") {
System.out.println("Session logged-in attribute is true, " + session.getAttribute("sessionUsername") + " is logged in.");
RequestDispatcher dispatcher = request.getRequestDispatcher(servletPath);
dispatcher.forward(request, response);
} else {
System.out.println("Session logged-in attribute is not true");
response.sendRedirect(contextPath);
return;
}
}
}
chain.doFilter(req, res);
}
@Override
public void destroy() {
}
}
/*
*要更改此模板,请选择工具|模板
*然后在编辑器中打开模板。
*/
包com.shadibandhan.ControllerLayer;
导入java.io.IOException;
导入java.util.ArrayList;
导入java.util.StringTokenizer;
导入javax.servlet.*;
导入javax.servlet.http.HttpServlet;
导入javax.servlet.http.HttpServletRequest;
导入javax.servlet.http.HttpServletResponse;
导入javax.servlet.http.HttpSession;
/**
*
*@author MUDASSIR
*/
公共类SessionFilter实现过滤器{
私有ArrayList URL列表;
@凌驾
public void init(FilterConfig config)抛出ServletException{
System.out.println(“**********************************************************”);
System.out.println(“***会话筛选器Servlet已初始化***”);
System.out.println(“**********************************************************”);
字符串URL=config.getInitParameter(“避免URL”);
System.out.println(“要避免的URL为=“+URL”);
StringTokenizer令牌=新的StringTokenizer(URL,“,”);
urlList=新的ArrayList();
while(token.hasMoreTokens()){
添加(token.nextToken());
}
}
@凌驾
公共无效doFilter(ServletRequest-req、ServletResponse-res、,
FilterChain链)抛出IOException、ServletException{
System.out.println(“这是doFilter方法”);
HttpServletRequest请求=(HttpServletRequest)请求;
HttpServletResponse=(HttpServletResponse)res;
字符串servletPath=request.getServletPath();
字符串contextPath=request.getContextPath();
字符串remoteHost=request.getRemoteHost();
字符串url=contextPath+servletPath;
System.out.println(“-------------->Servlet路径为=“+servletPath”);
System.out.println(“----------------------->上下文路径为“+contextPath”);
System.out.println(“------------------>URL为”+URL);
System.out.println(“----------------------->远程主机为”+远程主机);
布尔allowedRequest=false;
if(urlist.contains(servletPath)){
allowedRequest=true;
}
如果(!allowedRequest){
HttpSession session=request.getSession(false);
if(null==会话){
System.out.println(“会话不存在”);
sendRedirect(contextPath);
返回;
}
if(null!=会话){
//String loggedIn=(String)session.getAttribute(“sb_logged_in”);
System.out.println(“会话存在”);
System.out.println(“\n会话号为=“+session.getId()”);
if(session.getAttribute(“登录”)=“true”){
System.out.println(“会话登录属性为true,+Session.getAttribute(“sessionUsername”)+“已登录”);
RequestDispatcher=request.getRequestDispatcher(servletPath);
转发(请求、响应);
}否则{
System.out.println(“会话登录属性不正确”);
sendRedirect(contextPath);
返回;
}
}
}
链式过滤器(要求、恢复);
}
@凌驾
公共空间销毁(){
}
}
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Production</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>SbServlet</servlet-name>
<servlet-class>com.shadibandhan.ControllerLayer.SbServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SbServlet</servlet-name>
<url-pattern>/SbServlet</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>
com.shadibandhan.ControllerLayer.SessionFilter
</filter-class>
<init-param>
<param-name>avoid-urls</param-name>
<param-value></param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/com.shadibandhan.Restricted/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/index.xhtml</url-pattern>
</filter-mapping>
</web-app>
javax.faces.PROJECT_阶段
生产
Facesservlet
javax.faces.webapp.FacesServlet
1.
SbServlet
com.shadibandhan.ControllerLayer.SbServlet
1.
Facesservlet
/面孔/*
Facesservlet
*.xhtml
SbServlet
/SbServlet
30
faces/index.xhtml
com.sun.faces.config.ConfigureListener
会话过滤器
com.shadibandhan.ControllerLayer.SessionFilter
避免URL
会话过滤器
/com.shadibandhan.com/*
会话过滤器
/index.xhtml
- localhost:8080/ShadiBandhan/faces/index.xhtml或
- localhost:8080/ShadiBandhan/faces/com.ShadiBandhan.Restricted/home.xhtml
- localhost:8080/ShadiBandhan/index.xhtml或
- localhost:8080/ShadiBandhan/com.ShadiBandhan.Restricted/home.xhtml
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
但这很笨拙。为什么这么笨拙?如何改进?那么我提到的index.xhtml和home.xhtml问题呢?第一种方法很好。另一种方法是笨拙的。只需完全去掉
/faces/*<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/faces/com.shadibandhan.Restricted/*</url-pattern>
</filter-mapping>