0
我在我的登錄應用程序中使用了過濾器。我想要一些頁面只有 由管理員訪問。我已將這些頁面保存在管理文件夾中,並且在我的項目中實現了過濾器 。但其他用戶仍可通過URL訪問 。受登錄過濾器限制的頁面仍可被其他用戶訪問
我哪裏去錯了?
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter {
@Override
public void init(FilterConfig config) throws ServletException {
// If you have any <init-param> in web.xml, then you could get them
// here by config.getInitParameter("name") and assign it as field.
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false);
if (session == null || session.getAttribute("user") == null) {
response.sendRedirect(request.getContextPath() + "/Login.xhtml"); // No logged-in user found, so redirect to login page.
} else {
chain.doFilter(req, res); // Logged-in user found, so just continue request.
}
}
@Override
public void destroy() {
// If you have assigned any expensive resources as field of
// this Filter class, then you could clean/close them here.
}
}
在上面的問題規範中,我已經包括除了UI之外的所有與登錄相關的代碼......我在哪裏出錯?如果過濾器沒有得到執行,那麼我需要做什麼來糾正它? – Idea
是的,但是你是否嘗試過調試這個,畢竟你可以像其他任何代碼一樣調試過濾器。什麼是您嘗試訪問的網址?您已將過濾器定義爲僅適用於以admin /開頭的網址...您告訴您的過濾器根本不運行?我記得有一次,我看到,放入默認包的servlet沒有被Tomcat引擎(大約5年前)正確處理。請嘗試將過濾器放入一些包 –
在另一個包中添加過濾器後仍然面臨同樣的問題 – Idea