登录时对受限制页面的JSF ServletFilter限制 [英] JSF ServletFilter Restriction on Restricted pages when logged in

问题描述

每次调用"com.shadibandhan.Restricted"文件夹中的文件(图像和xhtml)时，都会调用此servlet过滤器servlet.

I've this servlet filter servlet called everytime a file (images and xhtmls) from my "com.shadibandhan.Restricted" folder is called.

我正在使用JSF，因此还有 Faces Servlet .

I'm using JSF, so there's also Faces Servlet.

这是我的web.xml

This is my web.xml

    <?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Production</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
        <servlet-name>SbServlet</servlet-name>
        <servlet-class>com.shadibandhan.ControllerLayer.SbServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>    
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>SbServlet</servlet-name>
        <url-pattern>/SbServlet</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>faces/index.xhtml</welcome-file>
    </welcome-file-list>
    <listener>
        <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
    </listener>
    <filter>
        <filter-name>SessionFilter</filter-name>
        <filter-class>
            com.shadibandhan.ControllerLayer.SessionFilter
        </filter-class>
        <init-param>
            <param-name>avoid-urls</param-name>
            <param-value></param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>SessionFilter</filter-name>
        <url-pattern>/faces/com.shadibandhan.Restricted/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>PrimeFaces FileUpload Filter</filter-name>
        <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
        <init-param>
            <param-name>thresholdSize</param-name>
            <param-value>4096</param-value> <!-- 4 Mb -->
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>PrimeFaces FileUpload Filter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
</web-app>

这是我的名为SessionFilter的Servlet过滤器

And this is my Servlet Filter named SessionFilter

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.shadibandhan.ControllerLayer;

import java.io.IOException;
import java.util.ArrayList;
import java.util.StringTokenizer;
import javax.servlet.*;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 *
 * @author MUDASSIR
 */
public class SessionFilter implements Filter {

    private ArrayList<String> urlList;

    @Override
    public void init(FilterConfig config) throws ServletException {

        System.out.println("****************************************");
        System.out.println("***Session Filter Servlet initialized***");
        System.out.println("****************************************");
        String urls = config.getInitParameter("avoid-urls");
        System.out.println("The urls to avoid are = " + urls);
        StringTokenizer token = new StringTokenizer(urls, ",");

        urlList = new ArrayList<String>();

        while (token.hasMoreTokens()) {
            urlList.add(token.nextToken());

        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {

        System.out.println("This is the doFilter method");

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String servletPath = request.getRequestURI();
        String contextPath = request.getContextPath();
        String remoteHost = request.getRemoteHost();
        String url = contextPath + servletPath;
        System.out.println("-----------------> Servlet path is = " + servletPath);
        System.out.println("-----------------> Context path is " + contextPath);
        System.out.println("-----------------> URL is " + url);
        System.out.println("-----------------> Remote Host is " + remoteHost);
        boolean allowedRequest = false;

        if (urlList.contains(servletPath)) {
            allowedRequest = true;
        }

        if (!allowedRequest) {
            HttpSession session = request.getSession(false);
            if (null == session) {

                System.out.println("Session is not present");
                response.sendRedirect(contextPath);
                return;

            } if (null != session) {
                //String loggedIn = (String) session.getAttribute("sb_logged_in");
                System.out.println("Session is present");
                System.out.println("\nSession no. is = " + session.getId());

                if (session.getAttribute("logged-in") == "true") {
                    System.out.println("Session logged-in attribute is true, " + session.getAttribute("sessionUsername") + " is logged in.");

                    //ServletContext context = request.getServletContext();

                    RequestDispatcher dispatcher = request.getRequestDispatcher(servletPath);
                    dispatcher.forward(request, response);
                } else {
                    System.out.println("Session logged-in attribute is not true");
                    response.sendRedirect(contextPath);
                    return;
                }
            }
        }

        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }
}

之前，我使用了request.getServletPath().现在，我正在使用request.getRequestURI()获取用户想要去的路径.

Before, I used request.getServletPath(). Now, i'm using request.getRequestURI() to get the path where the user wants to go.

但是它没有打开页面.每当我尝试访问受限制的页面时，都会调用sessionfilter，它会给我这个错误.

But it's not opening up the page. When ever i try to access the restricted pages, the sessionfilter is called, it gives me this error.

type Status report

message /ShadiBandhan/ShadiBandhan/faces/com.shadibandhan.Restricted/home.xhtml

description The requested resource (/ShadiBandhan/ShadiBandhan/faces/com.shadibandhan.Restricted/home.xhtml) is not available.

我之前曾问过这个问题，但标题不同，所以不清楚. 登录时索引页面上的JSF ServletFilter限制

I've asked the question before but with a different title which made it unclear. JSF ServletFilter Restriction on index page when logged in

注意.它两次添加了上下文.我不知道为什么有人可以帮我吗?谢谢

NOTE It is adding the context two times. I don't know why. Can anybody please help me. Thanks

推荐答案

getRequestURI()已经包含上下文路径，这就是为什么您在最终URL中两次看到它的原因.要获取不带上下文路径的请求URI，请按如下所示将其子字符串化:

The getRequestURI() already includes the context path, that's why you see it twice in final URL. To get the request URI without the context path, substring it as follows:

String contextRelativeURI = request.getRequestURI().substring(request.getContextPath().length());

顺便说一句，在forward()调用之后，缺少了return语句.

By the way, there's a missing return statement after that forward() call.

这篇关于登录时对受限制页面的JSF ServletFilter限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！