我已经访问了Java FilterImplementation的会话检查链接,其中说明了Spring的安全性。我没有得到我需要的帮助。
应用过滤器登录后.jsp无法加载 CSS 和图像。
我正在尝试在 web 中提供过滤器的简单示例.xml并在 login.jsp 以外的页面上应用过滤器。网站.xml文件是:
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>AuthenticationFilter2</filter-name>
<filter-class>filter.AuthorizationFilter2</filter-class>
<init-param>
<param-name>avoid-urls</param-name>
<param-value>login.jsp</param-value>
</init-param>`
<filter>
过滤器类是:
private ArrayList<String> urlList;
public void destroy() {
// TODO Auto-generated method stub
System.out.println("authorization filter2 destroy method....");
}
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
System.out.println("authorization filter2 doFilter method....");
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String url = request.getServletPath();
System.out.println("ppp:"+request.getRequestURL());
System.out.println("url is :"+url);
boolean allowedRequest = false;
System.out.println("url list is :"+urlList);
if(urlList.contains(url.substring(1))) {
allowedRequest = true;
}
System.out.println("request allowed....."+allowedRequest);
if (!allowedRequest) {
Map session = ActionContext.getContext().getSession();
/*HttpSession session = request.getSession(false);*/
/* if (null == session) {
response.sendRedirect("login.jsp");
}*/
System.out.println("session contains login :"+session.containsKey("login"));
if(!session.containsKey("login")){
response.sendRedirect("login.jsp");
}
}
chain.doFilter(req, res);
}
public void init(FilterConfig config) throws ServletException {
System.out.println("authorization filter2 init method....");
String urls = config.getInitParameter("avoid-urls");
StringTokenizer token = new StringTokenizer(urls, ",");
urlList = new ArrayList<String>();
while (token.hasMoreTokens()) {
urlList.add(token.nextToken());
}
}
登录页面包含css和images根据要求。
请帮帮我。谢谢。
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String uri = ((HttpServletRequest)request).getRequestURI();
@SuppressWarnings("rawtypes")
Map session = ActionContext.getContext().getSession();
if ( uri.indexOf("/css") > 0){
chain.doFilter(request, response);
}
else if( uri.indexOf("/images") > 0){
chain.doFilter(request, response);
}
else if( uri.indexOf("/js") > 0){
chain.doFilter(request, response);
}
else if (session.containsKey("login")) {
chain.doFilter(request, response);
}
else {
((HttpServletResponse)response).sendRedirect(((HttpServletRequest)request).getContextPath() + "/login?authentication=failed");
}
}
把这个代码块放在你的动作类中,它可以工作。谢谢大家。
必须在 logjn.jsp 页面上使用的 CSS 文件和图像必须从过滤器中排除