登录时索引页面上的JSF ServletFilter限制 [英] JSF ServletFilter Restriction on index page when logged in

问题描述

每次调用"Restricted"文件夹中的文件时，都会调用此servlet过滤器servlet.

I've this servlet filter servlet called everytime a file from "Restricted" folder is called.

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.shadibandhan.ControllerLayer;

import java.io.IOException;
import java.util.ArrayList;
import java.util.StringTokenizer;
import javax.servlet.*;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 *
 * @author MUDASSIR
 */
public class SessionFilter implements Filter {

    private ArrayList<String> urlList;

    @Override
    public void init(FilterConfig config) throws ServletException {

        System.out.println("****************************************");
        System.out.println("***Session Filter Servlet initialized***");
        System.out.println("****************************************");
        String urls = config.getInitParameter("avoid-urls");
        System.out.println("The urls to avoid are = " + urls);
        StringTokenizer token = new StringTokenizer(urls, ",");

        urlList = new ArrayList<String>();

        while (token.hasMoreTokens()) {
            urlList.add(token.nextToken());

        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {

        System.out.println("This is the doFilter method");

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String servletPath = request.getServletPath();
        String contextPath = request.getContextPath();
        String remoteHost = request.getRemoteHost();
        String url = contextPath + servletPath;
        System.out.println("-----------------> Servlet path is = " + servletPath);
        System.out.println("-----------------> Context path is " + contextPath);
        System.out.println("-----------------> URL is " + url);
        System.out.println("-----------------> Remote Host is " + remoteHost);
        boolean allowedRequest = false;

        if (urlList.contains(servletPath)) {
            allowedRequest = true;
        }

        if (!allowedRequest) {
            HttpSession session = request.getSession(false);
            if (null == session) {

                System.out.println("Session is not present");
                response.sendRedirect(contextPath);
                return;

            }
            if (null != session) {
                //String loggedIn = (String) session.getAttribute("sb_logged_in");
                System.out.println("Session is present");
                System.out.println("\nSession no. is = " + session.getId());

                if (session.getAttribute("logged-in") == "true") {
                    System.out.println("Session logged-in attribute is true, " + session.getAttribute("sessionUsername") + " is logged in.");

                    RequestDispatcher dispatcher = request.getRequestDispatcher(servletPath);
                    dispatcher.forward(request, response);

                } else {
                    System.out.println("Session logged-in attribute is not true");
                    response.sendRedirect(contextPath);
                    return;
                }
            }
        }

        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }
}

当用户登录时，后备Bean中的登录属性设置为true. 现在，我希望当用户尝试访问具有带有用户名和密码字段的表单的"index.xhtml"页面时，如果未登录则将其重定向到home.xhtml页面.

when the user logs in, a logged-in attribute is set to true in the backing bean. Now, i want that when a user tries to access the "index.xhtml" page having a form with username and password field, he's redirected to the home.xhtml page when he's logged in otherwise not.

还请查看我的web.xml文件，以使face servlet与我的URL配合良好.

Also have a look at my web.xml file to make the faces servlet work well with my urls.

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Production</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
        <servlet-name>SbServlet</servlet-name>
        <servlet-class>com.shadibandhan.ControllerLayer.SbServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>    
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>SbServlet</servlet-name>
        <url-pattern>/SbServlet</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>faces/index.xhtml</welcome-file>
    </welcome-file-list>
    <listener>
        <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
    </listener>
    <filter>
        <filter-name>SessionFilter</filter-name>
        <filter-class>
            com.shadibandhan.ControllerLayer.SessionFilter
        </filter-class>
        <init-param>
            <param-name>avoid-urls</param-name>
            <param-value></param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>SessionFilter</filter-name>
        <url-pattern>/com.shadibandhan.Restricted/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>SessionFilter</filter-name>
        <url-pattern>/index.xhtml</url-pattern>
    </filter-mapping>
</web-app>

像文件一样，仅在路径像

like a file only opens when the path's like

• localhost:8080/ShadiBandhan/faces/index.xhtml或
• localhost:8080/ShadiBandhan/faces/com.shadibandhan.Restricted/home.xhtml

而不是

• localhost:8080/ShadiBandhan/index.xhtml或
• localhost:8080/ShadiBandhan/com.shadibandhan.Restricted/home.xhtml

有什么建议吗?

推荐答案

只需删除

<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>

来自您的web.xml.您已经在*.xhtml上建立了一个映射，这很好.

from your web.xml. You already have a mapping on *.xhtml which is perfectly fine.

另一种方法是添加另一个过滤器映射，使其也覆盖/faces/com.shadibandhan.Restricted/*.

An alternative is to add another filter mapping so that it also covers /faces/com.shadibandhan.Restricted/*.

<filter-mapping>
    <filter-name>SessionFilter</filter-name>
    <url-pattern>/faces/com.shadibandhan.Restricted/*</url-pattern>
</filter-mapping>

但这很笨拙.

这篇关于登录时索引页面上的JSF ServletFilter限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！