2014-10-29 46 views
1

我在應用程序中創建了一個過濾器來處理登錄/註銷場景。過濾器映射不起作用。在我的web.xml,如果我把<url-pattern>/LoginServlet/*</url-pattern>,過濾器映射的作品,但如果我把一個名稱的jsp,那麼它不起作用<url-pattern>/LoginServlet/list.jsp</url-pattern>。我不想爲所有jsps調用過濾器。過濾器映射在web.xml中不起作用

這是我的過濾器。

public class LoginFilter implements Filter{ 

    public void destroy() { 
     // TODO Auto-generated method stub 

    } 

    public void doFilter(ServletRequest req, ServletResponse res, 
      FilterChain chain) throws IOException, ServletException { 
     System.out.println("LoginFilter : doFilter : Start"); 
     HttpServletRequest request = (HttpServletRequest) req; 
     HttpServletResponse response = (HttpServletResponse) res; 
     response.setHeader("Pragma", "no-cache"); 
     response.setHeader("Cache-Control", "no-cache"); 
     response.setDateHeader("Expires", 0); 

     System.out.println("LoginFilter : doFilter : 111111"); 


     HttpSession session = request.getSession(false); 

     if (session == null || session.getAttribute("user") == null) { 
      System.out.println("LoginFilter : doFilter : 222222"); 
      response.sendRedirect("login.jsp"); 
      //response.sendRedirect(request.getContextPath() + "/login.jsp"); 
      //response.sendRedirect("login.jsp"); 
      //response.sendRedirect("http://localhost:8080/PROJECT_ELMS/login.jsp"); 
     }else { 
      System.out.println("LoginFilter : doFilter : 33333333"); 
      chain.doFilter(request, response); 
     } 

    } 

    public void init(FilterConfig arg0) throws ServletException { 
     // TODO Auto-generated method stub 

    } 

} 

這是我的web.xml

<welcome-file-list> 
    <welcome-file>login.jsp</welcome-file> 
</welcome-file-list> 
<listener> 
    <listener-class>edu.umd.enpm613.helper.StartupListner</listener-class> 
</listener> 
<filter> 
    <filter-name>loginFilter</filter-name> 
    <filter-class>edu.umd.enpm613.servlet.LoginFilter</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>loginFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 
<servlet> 
    <description></description> 
    <display-name>LoginServlet</display-name> 
    <servlet-name>LoginServlet</servlet-name> 
    <servlet-class>edu.umd.enpm613.servlet.LoginServlet</servlet-class> 
</servlet> 
<servlet-mapping> 
    <servlet-name>LoginServlet</servlet-name> 
    <url-pattern>/LoginServlet/*</url-pattern> 
</servlet-mapping> 
<servlet> 
    <description></description> 
    <display-name>StudentServlet</display-name> 
    <servlet-name>StudentServlet</servlet-name> 
    <servlet-class>edu.umd.enpm613.servlet.StudentServlet</servlet-class> 
</servlet> 

LoginServlet是:

public class LoginServlet extends HttpServlet { 
    private static final long serialVersionUID = 1L; 

    /** 
    * Default constructor. 
    */ 
    public LoginServlet() { 
     // TODO Auto-generated constructor stub 
    } 

    /** 
    * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) 
    */ 
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 
     // TODO Auto-generated method stub 
    } 

    /** 
    * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) 
    */ 
    @SuppressWarnings("null") 
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 
     System.out.println("LoginServlet : doPost : Start"); 
     LoginDTO returnedDTO = null; 
     String userEmailId = request.getParameter("userid"); 
     try { 
      request.getSession(true).setAttribute("user", userEmailId); 
      String userPassword = request.getParameter("password"); 

      LoginDTO loginDto = new LoginDTO(); 
      loginDto.setUserEmailId(userEmailId); 
      loginDto.setUserPassword(userPassword); 

      returnedDTO = LoginImpl.getUserCategory(loginDto); 

      String category = returnedDTO.getUserCategory(); 

      if (category.equals(ELMSConstants.CATEGORY_STUDENT)) { 
       //request.getRequestDispatcher("student_home.jsp").forward(request,response); 
       System.out.println("LoginServlet : doPost : Start" +request.getContextPath()); 
       System.out.println("LoginServlet : doPost : Start" +request.getRequestURI()); 
       System.out.println("LoginServlet : doPost : Start" + request.getRequestURL()); 
       request.getRequestDispatcher("list.jsp").forward(request,response); 
      } 
      if (category.equals(ELMSConstants.CATEGORY_TEACHER)) { 
       System.out.println("LoginServlet : doPost : 22222222222"); 
       request.getRequestDispatcher("professor_home.jsp").forward(request,response); 
      } 


     }catch (ELMSException exp){ 
      exp.printStackTrace(); 
      System.out.println("LoginServlet : doPost : error message is" + exp.getMessage()); 

      if (exp.getMessage().equals(ELMSException.USER_NEED_TO_CHANGE_PASSWORD)) { 
       System.out.println("LoginServlet : doPost : 1111111111"); 
       request.setAttribute("errorMessage", exp.getMessage()); 
       request.setAttribute("userName", userEmailId); 
       request.getRequestDispatcher("changePassword.jsp").forward(request,response); 
      } 

      if (!exp.getMessage().equals(ELMSException.USER_NEED_TO_CHANGE_PASSWORD)) { 
       request.setAttribute("errorMessage", exp.getMessage()); 
       request.getRequestDispatcher("login.jsp").forward(request,response); 
      } 

     } 

    } 
} 
+0

給出了正確的jsp路徑嗎? /LoginServlet/list.jsp可能不是正確的路徑。 – Santo 2014-10-29 18:54:29

回答

0

過濾器應該跳過登錄頁,因爲它不是一個安全限制,也它將允許您映射所有URL而不會無限循環。

public void doFilter(ServletRequest req, ServletResponse res, 
     FilterChain chain) throws IOException, ServletException { 
    System.out.println("LoginFilter : doFilter : Start"); 
    HttpServletRequest request = (HttpServletRequest) req; 
    HttpServletResponse response = (HttpServletResponse) res; 
    response.setHeader("Pragma", "no-cache"); 
    response.setHeader("Cache-Control", "no-cache"); 
    response.setDateHeader("Expires", 0); 

    System.out.println("LoginFilter : doFilter : 111111"); 


    HttpSession session = request.getSession(false); 

    //bypass the login page and login servlet 

    if (request.getRequestURI().indexof("login.jsp") >= 0 || 
     request.getRequestURI().indexof("/LoginServlet") >= 0){ 
     System.out.println("LoginFilter : bypass the login"); 
     chain.doFilter(request, response); 
    } else { 
     if (session == null || session.getAttribute("user") == null) { 
     System.out.println("LoginFilter : doFilter : 222222"); 
     response.sendRedirect("login.jsp"); 
     //response.sendRedirect(request.getContextPath() + "/login.jsp"); 
     //response.sendRedirect("login.jsp"); 
     //response.sendRedirect("http://localhost:8080/PROJECT_ELMS/login.jsp"); 
     } else { 
     System.out.println("LoginFilter : doFilter : 33333333"); 
     chain.doFilter(request, response); 
     } 
    } 
} 
+0

謝謝。它在服務器啓動時負責處理無限循環。問題是當我登錄login.jsp時,它直接進入過濾器。我得到你放的痕跡,然後它又回到登錄頁面。它永遠不會去LoginServlet。我的LoginServlet將請求轉發給list.jsp,該流程現在不能工作。 – gagan 2014-10-29 19:35:21

+0

用'/ LoginServlet/*'映射一個servlet。 – 2014-10-29 19:52:43

+0

你是指過濾器?我就是這樣繪製的。這是我的映射。\t <濾波器映射> \t \t loginFilter \t \t /LoginServlet/* \t gagan 2014-10-29 19:55:04

0

根據Java的Servlet Specification

在Web應用程序部署描述符,下面的語法是用來定義映射 :

•一個字符串以'/'字符開始,以a結尾/ *」 後綴被用於路徑映射。

•以'*。'開頭的字符串作爲擴展名 映射。

•僅包含'/'字符的字符串表示應用程序的「默認」 servlet。在這種情況下,servlet路徑是 請求URI減去上下文路徑,路徑信息爲空。

•所有其他字符串僅用於精確匹配。

因此,您不能直接映射servlet或過濾器,例如:/LoginServlet/list.jsp。可能的解決辦法是把你的文件的List.jsp到單個文件夾一樣/LoginServlet/Security/list.jsp 並將其映射:

<url-pattern>/LoginServlet/Security/*</url-pattern> 
+0

謝謝。我試過了。我已將所有符合/jsps/*的jsps移動。它仍然不起作用。如果我做/*,它再次工作。但我不希望我的login.jsp成爲其中的一部分,因爲它變成了無限循環。 – gagan 2014-10-29 19:07:23