使用过滤器类的重定向过多

Posted

技术标签:

【中文标题】使用过滤器类的重定向过多【英文标题】:too many redirects using filter class 【发布时间】:2017-07-02 08:37:03 【问题描述】:

JSF 2.2 和 Primefaces 6.0

我正在尝试使用过滤器类进行身份验证会话控制。但是过滤器类运行了 21 次并且浏览器设置了错误消息 ERR_TOO_MANY_REDIRECTS。

Web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <display-name>maintenancemonitoring</display-name>
    <context-param>
        <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
        <param-value>.xhtml</param-value>
    </context-param>
    <context-param>
        <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>client</param-value>
    </context-param>
    <context-param>
        <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
        <param-value>resources.application</param-value>
    </context-param>
    <listener>
        <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
    </listener>
    <filter>
        <filter-name>authFilter</filter-name>
        <filter-class>view.filters.AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>authFilter</filter-name>
        <url-pattern>*.xhtml</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>cupertino</param-value>
    </context-param>
    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>
</web-app>

过滤器类:

public void
        doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException,
                                                                                                         ServletException 
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    request.setCharacterEncoding("UTF-8");
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    HttpSession session = request.getSession();

    System.out.println("aaaaa");

    String currentLoginId = null;
    if(session.getAttribute("currentLoginId")!=null)
        currentLoginId = (String) session.getAttribute("currentLoginId");
    

    if(currentLoginId != null)
        setResponseHeaders(response);
        filterChain.doFilter(request, response);
     else 
        response.sendRedirect(request.getContextPath() + "/faces/login.xhtml");
    


private void setResponseHeaders(HttpServletResponse httpResponse) 
    httpResponse.addHeader("Pragma", "no-cache");
    httpResponse.addHeader("Cache-Control", "no-cache");
    httpResponse.addHeader("Cache-Control", "must-revalidate");
    httpResponse.addHeader("Cache-Control", "post-check=0");
    httpResponse.addHeader("Cache-Control", "pre-check=0");
    httpResponse.addHeader("Cache-Control", "no-store");
    httpResponse.addDateHeader("Expires", 0);

loginBean 中的登录操作:

public String actionLogin(ActionEvent actionEvent) throws ServletException, IOException 
    HttpServletRequest request = (HttpServletRequest) getExternalContext().getRequest();
    HttpServletResponse response = (HttpServletResponse) getExternalContext().getResponse();

    AuthUser user = getValidUser();

    request.setAttribute("user", user);

    if (user == null) 
        addMessage("Kullanıcı adı ya da şifre hatalı");
        return null;
    

    return handleUserLogin(user, request, response);

在 loginHandler 类中创建会话:

private String createNewSessionAndRedirect(HttpServletRequest request, HttpServletResponse response, AuthUser user) 
    HttpSession session = getSessionForRequest(request);

    session.setAttribute("currentLoginId", user.getUserName());

    if (request.isRequestedSessionIdValid() && session != null && session.getAttribute("currentLoginId") != null) 
        try 
            response.sendRedirect(request.getContextPath() + "/faces/welcome.xhtml");
         catch (IOException e) 
            e.printStackTrace();
        
    
    return "/welcome.xhtml";

【问题讨论】:

你应该检查重定向response.sendRedirect(request.getContextPath() + "/faces/login.xhtml");是否匹配过滤器,如果这不是递归调用。 我更正了 ypur 问题中的标记。请下次标记更好 注意:当你得到一个异常时,你应该添加 Stacktrace @AxelH 我检查了重定向 url 并且 url 是真的 @EmreArslan 我不明白你的最后一句话... url 是真的 ? 【参考方案1】:

我看到这个错误的原因是递归调用。

由于您正在过滤每个 .xthml 页面,并且在过滤器中您将重定向到

response.sendRedirect(request.getContextPath() + "/faces/login.xhtml"); 

您正在过滤此重定向本身。您应该转发请求,因为您已将过滤器设置为在 REQUEST 上工作,而不是在 FORWARD 上工作。

<filter-mapping>
    <filter-name>authFilter</filter-name>
    <url-pattern>*.xhtml</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

转发看起来像这样(不完全是,不记得过滤器中的确切代码......):

ServletContext.getRequestDispatcher("/faces/welcome.xhtml").forward()

仅当您将&lt;dispatcher&gt;FORWARD&lt;/dispatcher&gt; 添加到过滤器映射时,转发才会被过滤

【讨论】:

还可以查看这篇文章,了解如何从重定向(过滤)中排除某些 url:***.com/questions/3125296/… @dognose 确实,没有足够的信息,我根本没有考虑更一般的排除。我相信这是一个不同的答案。

以上是关于使用过滤器类的重定向过多的主要内容,如果未能解决你的问题,请参考以下文章

java中的重定向是啥意思?

JSP如何实现网页重定向

神奇"HTTPS重定向网页"在哪里?

JSF过滤器在初始重定向后不重定向[关闭]

伪静态网址301重定向到静态网址怎么实现

将单页 http 重定向到 https