使用过滤器类的重定向过多

Posted 2023-02-26

【中文标题】使用过滤器类的重定向过多

【英文标题】：too many redirects using filter class

【发布时间】：2017-07-02 08:37:03

【问题描述】：

JSF 2.2 和 Primefaces 6.0

我正在尝试使用过滤器类进行身份验证会话控制。但是过滤器类运行了 21 次并且浏览器设置了错误消息 ERR_TOO_MANY_REDIRECTS。

Web.xml：

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <display-name>maintenancemonitoring</display-name>
    <context-param>
        <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
        <param-value>.xhtml</param-value>
    </context-param>
    <context-param>
        <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>client</param-value>
    </context-param>
    <context-param>
        <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
        <param-value>resources.application</param-value>
    </context-param>
    <listener>
        <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
    </listener>
    <filter>
        <filter-name>authFilter</filter-name>
        <filter-class>view.filters.AuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>authFilter</filter-name>
        <url-pattern>*.xhtml</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>cupertino</param-value>
    </context-param>
    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>
</web-app>

过滤器类：

public void
        doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException,
                                                                                                         ServletException 
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    request.setCharacterEncoding("UTF-8");
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    HttpSession session = request.getSession();

    System.out.println("aaaaa");

    String currentLoginId = null;
    if(session.getAttribute("currentLoginId")!=null)
        currentLoginId = (String) session.getAttribute("currentLoginId");
    

    if(currentLoginId != null)
        setResponseHeaders(response);
        filterChain.doFilter(request, response);
     else 
        response.sendRedirect(request.getContextPath() + "/faces/login.xhtml");
    


private void setResponseHeaders(HttpServletResponse httpResponse) 
    httpResponse.addHeader("Pragma", "no-cache");
    httpResponse.addHeader("Cache-Control", "no-cache");
    httpResponse.addHeader("Cache-Control", "must-revalidate");
    httpResponse.addHeader("Cache-Control", "post-check=0");
    httpResponse.addHeader("Cache-Control", "pre-check=0");
    httpResponse.addHeader("Cache-Control", "no-store");
    httpResponse.addDateHeader("Expires", 0);

loginBean 中的登录操作：

public String actionLogin(ActionEvent actionEvent) throws ServletException, IOException 
    HttpServletRequest request = (HttpServletRequest) getExternalContext().getRequest();
    HttpServletResponse response = (HttpServletResponse) getExternalContext().getResponse();

    AuthUser user = getValidUser();

    request.setAttribute("user", user);

    if (user == null) 
        addMessage("Kullanıcı adı ya da şifre hatalı");
        return null;
    

    return handleUserLogin(user, request, response);

在 loginHandler 类中创建会话：

private String createNewSessionAndRedirect(HttpServletRequest request, HttpServletResponse response, AuthUser user) 
    HttpSession session = getSessionForRequest(request);

    session.setAttribute("currentLoginId", user.getUserName());

    if (request.isRequestedSessionIdValid() && session != null && session.getAttribute("currentLoginId") != null) 
        try 
            response.sendRedirect(request.getContextPath() + "/faces/welcome.xhtml");
         catch (IOException e) 
            e.printStackTrace();
        
    
    return "/welcome.xhtml";

【问题讨论】：

你应该检查重定向response.sendRedirect(request.getContextPath() + "/faces/login.xhtml");是否匹配过滤器，如果这不是递归调用。

我更正了 ypur 问题中的标记。请下次标记更好

注意：当你得到一个异常时，你应该添加 Stacktrace

@AxelH 我检查了重定向 url 并且 url 是真的

@EmreArslan 我不明白你的最后一句话... url 是真的 ?

【参考方案1】：

我看到这个错误的原因是递归调用。

由于您正在过滤每个 .xthml 页面，并且在过滤器中您将重定向到

response.sendRedirect(request.getContextPath() + "/faces/login.xhtml"); 

您正在过滤此重定向本身。您应该转发请求，因为您已将过滤器设置为在 REQUEST 上工作，而不是在 FORWARD 上工作。

<filter-mapping>
    <filter-name>authFilter</filter-name>
    <url-pattern>*.xhtml</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

转发看起来像这样（不完全是，不记得过滤器中的确切代码......）：

ServletContext.getRequestDispatcher("/faces/welcome.xhtml").forward()

仅当您将<dispatcher>FORWARD</dispatcher> 添加到过滤器映射时，转发才会被过滤

【讨论】：

还可以查看这篇文章，了解如何从重定向（过滤）中排除某些 url：***.com/questions/3125296/…

@dognose 确实，没有足够的信息，我根本没有考虑更一般的排除。我相信这是一个不同的答案。