我有一个引导程序,它通过单击按钮提交createTicketButton它执行jquery调用
$('#createTicketButton').click(function(event)
{
$.ajax({
processData : false,
contentType : 'application/json',
url : 'myUrl',
"accept" : 'json',
"dataType" : 'json',
"type" : "POST",
data : JSON.stringify(data),
success : function(response)
{}
});
});
最后,它传递给过滤器以确保CSFR令牌通过并与服务器中存在的内容匹配
如果令牌不匹配,则应重定向到登录页面 这是问题重定向导致500错误(内部服务器错误(并且没有重定向和弹出框仍然显示任何帮助?
public class CsrfFilter implements Filter
{
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
{
boolean validToken = realToken.equals(requestToken);
if (validToken)
{
chain.doFilter(request, response);
return;
}
else
{
UriBuilder redirectUri = UriBuilder.fromUri("/login");
try
{
String returnUrl = new URI(req.getHeader("referer")).getPath();
redirectUri.queryParam("r", returnUrl);
}
catch (URISyntaxException | NullPointerException e)
{
// We don't need a return URL
}
res.sendRedirect(redirectUri.build().toString());
}
}
}
我的网页
<th:block th:fragment="createTicketFormModal">
<div id="createNewTicket" class="modal fade" role="dialog" aria-labelledby="myModalLabel" data-backdrop="static" aria-hidden="true" data-modal-index="1">
<div class="modal-dialog">
<div class="modal-content">
<div class="create-header modal-header">
<button class="close" type="button" data-dismiss="modal" aria-hidden="true">×</button>
<h4 id="edit-admin-modal" class="modal-title create-title">Create Ticket</h4>
</div>
<div class="modal-body">
<form id="create-ticket-form" class="create-form" method="POST" action="/cats/tickets/new">
<div class="alert alert-danger form-errors collapse"></div>
<!-- The form buttons -->
<input id="createTicketButton" class="btn btn-primary btn-block catsSubmit" type="button" value="Create Ticket" />
<button id="createTicketFormClearButton" class="btn btn-info btn-block" type="button">Clear</button>
<button class="btn btn-default btn-block" type="button" data-dismiss="modal">Close</button>
<input id="file-id" type="hidden" />
</form>
</div>
</div>
</div>
</div>
</th:block>
错误堆栈
java.lang.IllegalStateException: UT010019: Response already commited
io.undertow.servlet.spec.HttpServletResponseImpl.sendRedirect(HttpServletResponseImpl.java:173)
com.ephibian.j2ee.security.CsrfFilter.RedirectToLogin(CsrfFilter.java:194)
它看起来像是发生在您的 servlet 中的异常。 尝试跳入调试器并在此处发布异常消息。
最后我想出了为什么会这样,如果你从Ajax发送请求,你不能使用response.sendRedirect("location")作为应该处理这个重定向的客户端进行重定向
因此,最好发送错误消息并在客户端处理此重定向
要像这样
//this mean its Ajax call
if ("XMLHttpRequest".equals(req.getHeader("X-Requested-With"))) {
res.sendError(Status.BAD_REQUEST.getStatusCode(),
String.format("Invalid %s", CSRF_TOKEN_PARAM));
} else {
UriBuilder redirectUri = UriBuilder.fromUri("/login");
try {
String returnUrl = new URI(req.getHeader("referer")).getPath();
redirectUri.queryParam("r", returnUrl);
} catch (URISyntaxException | NullPointerException e) {
// We don't need a return URL
}
res.sendRedirect(redirectUri.build().toString());
}
和客户端
$('#createTicketButton').click(function(event)
{
$.ajax({
processData : false,
contentType : 'application/json',
url : 'myUrl',
"accept" : 'json',
"dataType" : 'json',
"type" : "POST",
data : JSON.stringify(data),
success : function(response)
{}, error: function (xhr, ajaxOptions, thrownError) {
if(xhr.responseText.search("Invalid csrf_token")){
window.location.replace("location"); --> here where we redirect the call
}
}
});
});