当用户未登录时,Servlet 过滤器在无限重定向循环中运行 [英] Servlet filter runs in infinite redirect loop when user is not logged in
问题描述
我有两个 HTML 文件
I have got two HTML files
- 登录.html
- 测试.html
我的要求是用户不应该能够访问 test.html 除非他通过 login.html 成功登录
My requirement is that the User shouldn't able to access test.html unless he logs in successfully that is through login.html
这是我的 login.html 文件
This is my login.html file
<html>
<head>
<title>Login Page 122</title>
</head>
<body>
<form action="LoginServlet" method="post">
Username: <input type="text" name="user">
<br>
Password: <input type="password" name="pwd">
<br>
<input type="submit" value="Login User">
</form>
</body>
</html>
这是我的 LoginServlet,它在点击提交按钮时接收请求
This is my LoginServlet which recivies the request when clicked on the submit button
package com;
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
private final String userID = "admin";
private final String password = "password";
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
String user = request.getParameter("user");
String pwd = request.getParameter("pwd");
if(userID.equals(user) && password.equals(pwd)){
HttpSession session = request.getSession();
session.setAttribute("user", "LoggedIN");
response.sendRedirect("LoginSuccess.jsp");
}else{
RequestDispatcher rd = getServletContext().getRequestDispatcher("/login.html");
PrintWriter out= response.getWriter();
out.println("<font color=red>Either user name or password is wrong.</font>");
rd.include(request, response);
}
}
}
这是我的过滤器类,用于保护 *.html 资源
This is my Filter class which protects the *.html resources
package com;
public class AuthenticationFilter implements Filter {
private ServletContext context;
public void init(FilterConfig fConfig) throws ServletException {
this.context = fConfig.getServletContext();
this.context.log("AuthenticationFilter initialized");
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String uri = req.getRequestURI();
this.context.log("Requested Resource::"+uri);
HttpSession session = req.getSession(false);
if(session == null || !session.getAttribute("user").toString().equals("LoggedIN")){
this.context.log("Unauthorized access request");
System.out.println("Into session is null condition");
res.sendRedirect("login.html");
}else{
System.out.println("Into chain do filter");
chain.doFilter(request, response);
}
}
public void destroy() {
}
}
这是我的 web.xml 文件
And this is my web.xml file
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<display-name>LoginFilter</display-name>
<servlet>
<description></description>
<display-name>LoginServlet</display-name>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<display-name>LogoutServlet</display-name>
<servlet-name>LogoutServlet</servlet-name>
<servlet-class>com.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogoutServlet</servlet-name>
<url-pattern>/LogoutServlet</url-pattern>
</servlet-mapping>
<filter>
<display-name>AuthenticationFilter</display-name>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>com.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>
</web-app>
我看到的问题是
我在服务器控制台中多次看到此语句.
I am seeing this statement multiple times in my server console .
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
Into session is null condition
推荐答案
这个 AuthenticationFilter 也会在请求 login.html 时运行.但是,代码再次重定向到 login.html 而不是继续过滤器链.这解释了无限重定向循环.
This AuthenticationFilter also runs when login.html is being requested. However, the code is redirecting to login.html once again instead of continuing the filter chain. This explains the infinite redirect loop.
如果当前请求的页面已经是登录页面本身,您需要让过滤器继续请求.
You need to let the filter just continue the request if the currently requested page is already the login page itself.
例如
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(false);
String loginURL = req.getContextPath() + "/login.html";
boolean loggedIn = session != null && session.getAttribute("user") != null;
boolean loginRequest = loginURL.equals(req.getRequestURI());
if (loggedIn || loginRequest) {
chain.doFilter(request, response);
} else {
res.sendRedirect(loginURL);
}
}
另见:
- 用于登录的身份验证过滤器和 servlet
这篇关于当用户未登录时,Servlet 过滤器在无限重定向循环中运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
