AuthFilter过滤器阻断通过转发的WEB-INF/jsp页面失败
您好,
我的问题是如何使AuthFilter起效果。限制不登录不能进管理页面。
我的login.jsp放在WEB-CONTENT的根目录下,因为我不想阻断login.jsp,也不想阻断非JSP文件。而管理页面都放在WEB-INF/jsp目录下,管理页面通过SERVLET controller跳转到JSP页面,在eclipse中没有输出 AuthFilter 的阻 断信息。我看了其他人同样的问题,通过controller跳转到JSP页面不会被filter 拦截,我想问下怎么在WEB.XML里面配置才能使这种 跳转过去的也被拦截到???
相关截图:
相关截图:
相关截图:
WEB.xml配置文件如下:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>library</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<filter>
<filter-name>EncodeFilter</filter-name>
<filter-class>com.imooc.library.filter.EncodeFilter</filter-class>
<init-param>
<param-name>Encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>EncodeFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.imooc.library.filter.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/WEB-INF/jsp/*</url-pattern>
<!-- <url-pattern>/*</url-pattern> -->
</filter-mapping>
</web-app>
相关代码:
package com.imooc.library.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.imooc.library.entity.User;
/*
*
*/
public class AuthFilter implements Filter {
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest req=(HttpServletRequest)request;
HttpServletResponse res=(HttpServletResponse)response;
User user=(User)req.getSession().getAttribute("user");
System.out.println("====== authfilter过滤user结果username="+user.getUserName());
if(user!=null) {
chain.doFilter(request, response);
return;
}else {
res.sendRedirect(request.getServletContext()+"/login.jsp");
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
正在回答 回答被采纳积分+1
解决了。
package com.imooc.library.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.imooc.library.entity.User;
/*
*
*/
public class AuthFilter implements Filter {
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest req=(HttpServletRequest)request;
HttpServletResponse res=(HttpServletResponse)response;
StringBuffer URL=req.getRequestURL();
System.out.println("filter URL="+URL);
String url[]={".js",".html","login",".css","png","jpg"};
boolean flag=false;
String method=req.getParameter("method");
if(method!=null) {
if(method.equals("login")) {
flag=true;
}
}
for(String str:url) {
System.out.println("index="+URL.indexOf(str));
if(URL.indexOf(str)>0) {
flag=true;
break;
}
}
if(!flag) {
System.out.println("====== authfilter过滤user结果username=");
User user=(User)req.getSession().getAttribute("user");
if(user!=null) {
chain.doFilter(request, response);
}else {
res.sendRedirect(req.getContextPath()+"/login.jsp");
//chain.doFilter(request, response);
}
}else
{
chain.doFilter(request, response);
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
同学你哈哦,1、建议同学将 <url-pattern>/WEB-INF/jsp/*</url-pattern>修改为 <url-pattern>/*</url-pattern>,如下图所示:
/* 会匹配所有url(只匹配当前文件夹下文件,不匹配子文件夹下文件),路径型的和后缀型的url(包括/login,*.jsp,*.js和*.html等)。
2、建议在AuthFilter过滤器中放行js、css、login等页面。如下图所示:
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
// 判断是否能通过
boolean flag = false;
String reqURI = req.getRequestURI();
// 不需要过滤的url
String[] url = { ".js", ".css", ".html", ".png", "/login" };
for (String str : url) {
// 判断uri是否需要过滤
if (reqURI.indexOf(str) != -1) {
flag = true;
break;
}
}
// 如果为flag为false,则判断是否登录,如果登录,则放行,没登录则跳转到登录页面
if (!flag) {
User user = (User) req.getSession().getAttribute("user");
if (user != null) {
// 如果user为null,则直接调用getUserName()方法,会出现空指针异常,所以建议在if判断中进行输出
System.out.println("====== authfilter过滤user结果username=" + user.getUserName());
chain.doFilter(request, response);
return;
} else {
res.sendRedirect(request.getServletContext() + "/login.jsp");
}
}
chain.doFilter(request, response);
}
祝学习愉快!
- 参与学习 人
- 提交作业 9400 份
- 解答问题 16556 个
综合就业常年第一,编程排行常年霸榜,无需脱产即可学习,北上广深月薪过万 无论你是未就业的学生还是想转行的在职人员,不需要基础,只要你有梦想,想高薪
了解课程
恭喜解决一个难题,获得1积分~
来为老师/同学的回答评分吧
0 星