当用户未登录时,Servlet过滤器将在无限重定向循环中运行 [英] Servlet filter runs in infinite redirect loop when user is not logged in
问题描述
我有两个HTML文件
- login.html
- Test.html
我的要求是,除非用户通过login.html
My requirement is that the User shouldn't able to access test.html unless he logs in successfully that is through login.html
这是我的login.html文件
This is my login.html file
<html>
<head>
<title>Login Page 122</title>
</head>
<body>
<form action="LoginServlet" method="post">
Username: <input type="text" name="user">
<br>
Password: <input type="password" name="pwd">
<br>
<input type="submit" value="Login User">
</form>
</body>
</html>
这是我的LoginServlet,当单击提交"按钮时,它会接收请求
This is my LoginServlet which recivies the request when clicked on the submit button
package com;
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
private final String userID = "admin";
private final String password = "password";
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
String user = request.getParameter("user");
String pwd = request.getParameter("pwd");
if(userID.equals(user) && password.equals(pwd)){
HttpSession session = request.getSession();
session.setAttribute("user", "LoggedIN");
response.sendRedirect("LoginSuccess.jsp");
}else{
RequestDispatcher rd = getServletContext().getRequestDispatcher("/login.html");
PrintWriter out= response.getWriter();
out.println("<font color=red>Either user name or password is wrong.</font>");
rd.include(request, response);
}
}
}
这是我的Filter类,用于保护* .html资源
This is my Filter class which protects the *.html resources
package com;
public class AuthenticationFilter implements Filter {
private ServletContext context;
public void init(FilterConfig fConfig) throws ServletException {
this.context = fConfig.getServletContext();
this.context.log("AuthenticationFilter initialized");
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String uri = req.getRequestURI();
this.context.log("Requested Resource::"+uri);
HttpSession session = req.getSession(false);
if(session == null || !session.getAttribute("user").toString().equals("LoggedIN")){
this.context.log("Unauthorized access request");
System.out.println("Into session is null condition");
res.sendRedirect("login.html");
}else{
System.out.println("Into chain do filter");
chain.doFilter(request, response);
}
}
public void destroy() {
}
}
这是我的web.xml文件
And this is my web.xml file
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<display-name>LoginFilter</display-name>
<servlet>
<description></description>
<display-name>LoginServlet</display-name>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<display-name>LogoutServlet</display-name>
<servlet-name>LogoutServlet</servlet-name>
<servlet-class>com.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogoutServlet</servlet-name>
<url-pattern>/LogoutServlet</url-pattern>
</servlet-mapping>
<filter>
<display-name>AuthenticationFilter</display-name>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>com.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>
</web-app>
我看到的问题是
我在服务器控制台中多次看到此语句.
I am seeing this statement multiple times in my server console .
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
推荐答案
当请求login.html
时,此AuthenticationFilter
也将运行.但是,该代码将再次重定向到login.html
,而不是继续执行过滤器链.这说明了无限重定向循环.
This AuthenticationFilter
also runs when login.html
is being requested. However, the code is redirecting to login.html
once again instead of continuing the filter chain. This explains the infinite redirect loop.
如果当前请求的页面本身已经是登录页面,则需要让过滤器仅继续请求.
You need to let the filter just continue the request if the currently requested page is already the login page itself.
例如
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(false);
String loginURL = req.getContextPath() + "/login.html";
boolean loggedIn = session != null && session.getAttribute("user") != null;
boolean loginRequest = loginURL.equals(req.getRequestURI());
if (loggedIn || loginRequest) {
chain.doFilter(request, response);
} else {
res.sendRedirect(loginURL);
}
}
另请参见:
- 用于登录的身份验证过滤器和servlet
- Authentication filter and servlet for login
See also:
这篇关于当用户未登录时,Servlet过滤器将在无限重定向循环中运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!