Java过滤器无限循环 [英] Java Filter Infinite loop

问题描述

我想实现一个过滤器，以做身份验证，但不知何故，被卡在无限循环......任何想法AP preciated。

I want to implement a filter to do the authentication, but somehow it is stuck in infinite loop... Any idea appreciated.

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    doBeforeProcessing(request, response);

    Throwable problem = null;
    HttpSession session = httpRequest.getSession(true);
    if(session.getAttribute("userName")!=null&&session.getAttribute("userName")!=(""))
    {
        try {
            chain.doFilter(request, response);
        } catch (Throwable t) {
            // If an exception is thrown somewhere down the filter chain,
            // we still want to execute our after processing, and then
            // rethrow the problem after that.
            problem = t;
            t.printStackTrace();
        }   
    }else{
        httpResponse.sendRedirect("login.jsp");
        return;
    }

在调试模式下此code只是在无限的时间运行，basicly我希望将用户重定向到的login.jsp时未登录他。
任何的回答美联社preciated。

This code in debug mode just run in infinite times, basicly i want to redirect the user to the login.jsp when he is not logged in. Any answer appreciated.

推荐答案

在这里，

httpResponse.sendRedirect("login.jsp");

你发送目标页面新的HTTP请求，而不是使用它当前的请求。这种新的HTTP请求当然会再次重创过滤器，如果它已经映射到一个过于通用网址模式，如 / * 。和相同的检查将被执行，并且将它重新改向。诸如此类。这是一个无休止的故事。

you're sending a new HTTP request for the target page instead of using the current request for it. This new HTTP request would of course hit the filter once again if it's been mapped on an overly generic URL pattern, such as /*. And the same checks would be performed and it would be redirected again. Etcetera. This is a neverending story.

您需要添加额外的检查执行 FilterChain＃的doFilter（）以及在当前请求的页面的登录页面。

You need to add an extra check to perform FilterChain#doFilter() as well when the currently requested page is the login page.

String loginURL = httpRequest.getContextPath() + "/login.jsp";

if (httpRequest.getRequestURI().equals(loginURL)) || session.getAttribute("userName") != null) {
    chain.doFilter(request, response);
} else {
    httpResponse.sendRedirect(loginURL);
}

请注意，我还取消了空字符串作为用户名nonsensicial检查（但是你会确保的您的code是无处设置一个空字符串作为用户名。只需使用空重新present非登录用户。另外请注意，我固定的重定向URL为好，因为它会失败，如果当前请求的URL中的子文件夹

Note that I also removed the nonsensicial check on the empty string as username (you'd however ensure that your code is nowhere setting an empty string as username. Just use null to represent a non-logged-in user. Also note that I fixed the redirect URL as well, because it would have failed when the currently requested URL is in a subfolder.

一个不同的替代方案是把在一个共同的子文件夹中的所有这些受限制的页面，如 /应用程序， /担保， /限制等，然后地图上的URL模式过滤 /应用/ * ， /安全/ * ， /限制/ * 等来代替。如果你继续登录页面此文件夹之外，则过滤器将不会被当被要求在登录页面调用。

A different alternative is to put all those restricted pages in a common subfolder, such as /app, /secured, /restricted, etc and then map the filter on an URL pattern of /app/*, /secured/*, /restricted/*, etc instead. If you keep the login page outside this folder, then the filter won't be invoked when the login page is been requested.

这篇关于Java过滤器无限循环的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！