Fatal编程技术网
  • servlets/
  • Servlets 当用户未登录时,Servlet筛选器在无限重定向循环中运行

Servlets 当用户未登录时,Servlet筛选器在无限重定向循环中运行

servlets login

Servlets 当用户未登录时,Servlet筛选器在无限重定向循环中运行,servlets,login,servlet-filters,redirect-loop,Servlets,Login,Servlet Filters,Redirect Loop,我有两个HTML文件 login.html Test.html 我的要求是,除非用户通过login.html成功登录,否则不能访问test.html 这是我的login.html文件 <html> <head> <title>Login Page 122</title> </head> <body> <form action="LoginServlet" method="post"> Username: <

我有两个HTML文件

login.html Test.html 我的要求是,除非用户通过login.html成功登录,否则不能访问test.html

这是我的login.html文件

<html>
<head>
<title>Login Page 122</title>
</head>
<body>
<form action="LoginServlet" method="post">
Username: <input type="text" name="user">
<br>
Password: <input type="password" name="pwd">
<br>
<input type="submit" value="Login User">
</form>
</body>
</html>
这是我的web.xml文件

<?xml version="1.0" encoding="UTF-8"?>

<web-app>
  <display-name>LoginFilter</display-name>
   <servlet>
    <description></description>
    <display-name>LoginServlet</display-name>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/LoginServlet</url-pattern>
  </servlet-mapping>
  <servlet>
    <description></description>
    <display-name>LogoutServlet</display-name>
    <servlet-name>LogoutServlet</servlet-name>
    <servlet-class>com.LogoutServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LogoutServlet</servlet-name>
    <url-pattern>/LogoutServlet</url-pattern>
  </servlet-mapping>
  <filter>
    <display-name>AuthenticationFilter</display-name>
    <filter-name>AuthenticationFilter</filter-name>
    <filter-class>com.AuthenticationFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>*.html</url-pattern>
  </filter-mapping>
</web-app>
此AuthenticationFilter也在请求login.html时运行。但是,代码再次重定向到login.html,而不是继续过滤链。这就解释了无限重定向循环

如果当前请求的页面已经是登录页面本身,则需要让筛选器继续请求

例如

另见: 因为您使用的是response.sendRedirect,所以容器可能决定不包含JSESSIONID cookie。改用requestDispatcher转发到成功JSP。 
package com;
 public class AuthenticationFilter implements Filter {
    private ServletContext context;
    public void init(FilterConfig fConfig) throws ServletException {
        this.context = fConfig.getServletContext();
        this.context.log("AuthenticationFilter initialized");
    }
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String uri = req.getRequestURI();
        this.context.log("Requested Resource::"+uri);
        HttpSession session = req.getSession(false);
        if(session == null || !session.getAttribute("user").toString().equals("LoggedIN")){
            this.context.log("Unauthorized access request");
            System.out.println("Into session is null condition");
            res.sendRedirect("login.html");
        }else{
           System.out.println("Into chain do filter");
            chain.doFilter(request, response);
        }
    }
    public void destroy() {
    }
}

<?xml version="1.0" encoding="UTF-8"?>

<web-app>
  <display-name>LoginFilter</display-name>
   <servlet>
    <description></description>
    <display-name>LoginServlet</display-name>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/LoginServlet</url-pattern>
  </servlet-mapping>
  <servlet>
    <description></description>
    <display-name>LogoutServlet</display-name>
    <servlet-name>LogoutServlet</servlet-name>
    <servlet-class>com.LogoutServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LogoutServlet</servlet-name>
    <url-pattern>/LogoutServlet</url-pattern>
  </servlet-mapping>
  <filter>
    <display-name>AuthenticationFilter</display-name>
    <filter-name>AuthenticationFilter</filter-name>
    <filter-class>com.AuthenticationFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>*.html</url-pattern>
  </filter-mapping>
</web-app>

Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    HttpSession session = req.getSession(false);
    String loginURL = req.getContextPath() + "/login.html";

    boolean loggedIn = session != null && session.getAttribute("user") != null;
    boolean loginRequest = loginURL.equals(req.getRequestURI());

    if (loggedIn || loginRequest) {
        chain.doFilter(request, response);
    } else {
        res.sendRedirect(loginURL);
    }
}