1

My filter is causing an infinite loop. The url-pattern is not generic. I can't seem to figure out why it is causing this. Here is the mapping for my filter:

<filter>
    <filter-name>AdminAuthentication</filter-name>
    <filter-class>my.filters.AdminAuthFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>AdminAuthentication</filter-name>
    <url-pattern>/admin/addLocation</url-pattern>
    <url-pattern>/admin/deleteLocation</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

This code runs before chain.doFilter(request, response):

private void doBeforeProcessing(ServletRequest request, ServletResponse response)
        throws IOException, ServletException {
    if (debug) {
        log("AdminAuthFilter:DoBeforeProcessing");
    }

    HttpServletRequest _request = (HttpServletRequest) request;
    HttpSession session = _request.getSession();
    User user = (User) session.getAttribute("user"); 

    if(user == null) {
        //send redirect somewhere
        HttpServletResponse _response = (HttpServletResponse) response; 
        _response.sendRedirect("login.jsp"); 
        return; 
    }
}    

My problem is that when I go to admin/addLocation without being logged in, I get an infinite redirect like http://localhost:8080/PROJ/admin/admin/admin/admin... Otherwise, when I am logged in, it works fine. login.jsp is not in the admin folder either. Please help.

4

1 Answer

1

Your entry point needs to be outside of your filter. Your redirect is probably fighting the chain.doFilter due to the fact that user is null.

Here is a simple login filter I use to check if the user is logged in and in the session within the defined url pattern.

Filter descriptor

<filter>
    <filter-name>AdminFilter</filter-name>
    <filter-class>com.AdminLoginFilter</filter-class>
    <description>Admin Login Filter</description>
    <init-param>
        <param-name>Admin_login_form</param-name>
        <param-value>/administration/login</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>AdminFilter</filter-name>
    <url-pattern>/administration/controlpanel/*</url-pattern>
</filter-mapping>

Servlet Filter

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class AdminLoginFilter implements Filter {

    private FilterConfig filterConfig;
    private String loginForm; // path of the login form, read from the init-param

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        loginForm = this.filterConfig.getInitParameter("Admin_login_form");
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpSession session = httpRequest.getSession();

        ControlPanelUser adminUser = (ControlPanelUser) session.getAttribute(PageConstants.CONTROL_PANEL_USER);

        if ((adminUser == null || adminUser.getBoId() < 1)) { // Send user to login form
            filterConfig.getServletContext().getRequestDispatcher(loginForm).forward(request, response);
        } else { // Send user to requested page
            chain.doFilter(request, response);
        }

    }

    public void destroy() {
        this.filterConfig = null;
    }
}

Credential check

public class CheckUserCredentialsCommand implements Command {
public void execute(CommandContext commandContext) throws Exception {

    ILoginForm loginForm = new LoginForm();
    loginForm.populateFromForm(commandContext);

    List<ValidationMessage> messages = loginForm.validate();

    if(messages != null && messages.size() > 0){
        commandContext.setScopedVariable(PageConstants.LOGIN_MESSAGES, messages, ScopedContext.REQUEST);
    } else {        
        ControlPanelUser customer = ControlPanelUserDAO.selectControlPanelUser(loginForm.getEmailAddress(), loginForm.getPasswrd());
        if(customer != null){
            commandContext.setScopedVariable(PageConstants.CONTROL_PANEL_USER, customer, ScopedContext.SESSION);
        } else {
            commandContext.setScopedVariable(PageConstants.LOGIN_MESSAGES, messages, ScopedContext.REQUEST);
        }
    }
    String referer = commandContext.getRequest().getHeader("referer");
    if(referer != null){
        referer = referer.substring(referer.lastIndexOf("/") + 1, referer.length());
        if("login".equals(referer)){
            commandContext.redirect(commandContext.getServletContext().getContextPath()+"/administration/controlpanel/dashboard");
        } else {
            commandContext.redirect(commandContext.getRequest().getHeader("referer"));
        }
    } else {
        commandContext.redirect(commandContext.getServletContext().getContextPath()+"/administration/controlpanel/dashboard");
    }
}

}

My login entry is http://www.mysite.com/administration/login. When I log in on that page, it submits to the CheckUserCredentialsCommand, which is just a simple servlet. That servlet then tries to do a page redirect to one of the pages that is behind the filter. In the filter it checks the user: if the user is null it forwards back to the login page; if there is a valid user it goes through the filter chain, which was your redirect from the CheckUserCredentialsCommand, and now your URL looks like http://www.mysite.com/administration/controlpanel/dashboard, the dashboard page being behind the filter. If there was no user you would never be able to get to that page.

answered 2013-05-26T05:04:29.890
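
As an added example (not code from the question or the answer), here is one way to write the question's filter so that an unauthenticated request ends at the redirect. The class name AdminAuthFilterFixed is hypothetical, and it assumes login.jsp sits at the web application root, outside the filtered /admin/ URLs.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: hypothetical class name. The "user" session attribute
// follows the question; the location of login.jsp is an assumption.
public class AdminAuthFilterFixed implements Filter {

    // Assumed to live at the web application root, outside /admin/*.
    private static final String LOGIN_PAGE = "/login.jsp";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getSession(false): do not create a session for anonymous visitors.
        HttpSession session = req.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");

        if (user == null) {
            // Build the target from the context path. A bare "login.jsp"
            // is resolved relative to the current request path instead.
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            // Stop here: the protected resource must not run for this request.
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

The early return matters for access control as well as for the loop: in the question's layout the return inside doBeforeProcessing only leaves that helper, so if doFilter then calls chain.doFilter the protected servlet still runs for the anonymous request.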