登录时对受限制页面的JSF ServletFilter限制 [英] JSF ServletFilter Restriction on Restricted pages when logged in
问题描述
每次调用"com.shadibandhan.Restricted"文件夹中的文件(图像和xhtml)时,都会调用此servlet过滤器servlet.
I've this servlet filter servlet called everytime a file (images and xhtmls) from my "com.shadibandhan.Restricted" folder is called.
我正在使用JSF,因此还有 Faces Servlet .
I'm using JSF, so there's also Faces Servlet.
这是我的web.xml
This is my web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Production</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>SbServlet</servlet-name>
<servlet-class>com.shadibandhan.ControllerLayer.SbServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SbServlet</servlet-name>
<url-pattern>/SbServlet</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>
com.shadibandhan.ControllerLayer.SessionFilter
</filter-class>
<init-param>
<param-name>avoid-urls</param-name>
<param-value></param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/faces/com.shadibandhan.Restricted/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
<init-param>
<param-name>thresholdSize</param-name>
<param-value>4096</param-value> <!-- 4 Mb -->
</init-param>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
</web-app>
这是我的名为SessionFilter的Servlet过滤器
And this is my Servlet Filter named SessionFilter
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package com.shadibandhan.ControllerLayer;
import java.io.IOException;
import java.util.ArrayList;
import java.util.StringTokenizer;
import javax.servlet.*;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
*
* @author MUDASSIR
*/
public class SessionFilter implements Filter {
private ArrayList<String> urlList;
@Override
public void init(FilterConfig config) throws ServletException {
System.out.println("****************************************");
System.out.println("***Session Filter Servlet initialized***");
System.out.println("****************************************");
String urls = config.getInitParameter("avoid-urls");
System.out.println("The urls to avoid are = " + urls);
StringTokenizer token = new StringTokenizer(urls, ",");
urlList = new ArrayList<String>();
while (token.hasMoreTokens()) {
urlList.add(token.nextToken());
}
}
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
System.out.println("This is the doFilter method");
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String servletPath = request.getRequestURI();
String contextPath = request.getContextPath();
String remoteHost = request.getRemoteHost();
String url = contextPath + servletPath;
System.out.println("-----------------> Servlet path is = " + servletPath);
System.out.println("-----------------> Context path is " + contextPath);
System.out.println("-----------------> URL is " + url);
System.out.println("-----------------> Remote Host is " + remoteHost);
boolean allowedRequest = false;
if (urlList.contains(servletPath)) {
allowedRequest = true;
}
if (!allowedRequest) {
HttpSession session = request.getSession(false);
if (null == session) {
System.out.println("Session is not present");
response.sendRedirect(contextPath);
return;
} if (null != session) {
//String loggedIn = (String) session.getAttribute("sb_logged_in");
System.out.println("Session is present");
System.out.println("\nSession no. is = " + session.getId());
if (session.getAttribute("logged-in") == "true") {
System.out.println("Session logged-in attribute is true, " + session.getAttribute("sessionUsername") + " is logged in.");
//ServletContext context = request.getServletContext();
RequestDispatcher dispatcher = request.getRequestDispatcher(servletPath);
dispatcher.forward(request, response);
} else {
System.out.println("Session logged-in attribute is not true");
response.sendRedirect(contextPath);
return;
}
}
}
chain.doFilter(req, res);
}
@Override
public void destroy() {
}
}
之前,我使用了request.getServletPath().现在,我正在使用request.getRequestURI()获取用户想要去的路径.
Before, I used request.getServletPath(). Now, i'm using request.getRequestURI() to get the path where the user wants to go.
但是它没有打开页面.每当我尝试访问受限制的页面时,都会调用sessionfilter,它会给我这个错误.
But it's not opening up the page. When ever i try to access the restricted pages, the sessionfilter is called, it gives me this error.
type Status report
message /ShadiBandhan/ShadiBandhan/faces/com.shadibandhan.Restricted/home.xhtml
description The requested resource (/ShadiBandhan/ShadiBandhan/faces/com.shadibandhan.Restricted/home.xhtml) is not available.
我之前曾问过这个问题,但标题不同,所以不清楚. 登录时索引页面上的JSF ServletFilter限制
I've asked the question before but with a different title which made it unclear. JSF ServletFilter Restriction on index page when logged in
注意.它两次添加了上下文.我不知道为什么有人可以帮我吗?谢谢
NOTE It is adding the context two times. I don't know why. Can anybody please help me. Thanks
推荐答案
getRequestURI()
已经包含上下文路径,这就是为什么您在最终URL中两次看到它的原因.要获取不带上下文路径的请求URI,请按如下所示将其子字符串化:
The getRequestURI()
already includes the context path, that's why you see it twice in final URL. To get the request URI without the context path, substring it as follows:
String contextRelativeURI = request.getRequestURI().substring(request.getContextPath().length());
顺便说一句,在forward()
调用之后,缺少了return
语句.
By the way, there's a missing return
statement after that forward()
call.
这篇关于登录时对受限制页面的JSF ServletFilter限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!