开发者

web.xml - Java Servlet Filters - Not being run before processing the JSP page (on Tomcat)

问答 作者:

I am fairly new to Servlet Filters and have basically joined a project using them and added an additional filter to the web.xml file (deployed on Tomcat 5.5).

I am 95% sure that at some point it was working correctly but now when debugging if I put breakpoints at the top of the JSP page I am trying to view (login.jsp), it's template page (page.jsp) and within both of the configured filter's doFilter() method; it runs through the whole of the login.jsp page (top to bottom), then page.jsp and the starts processing the filters.

I need it to run the filters first, since one of them determines the language the page should be displayed in (checking cookies, db settings and browser settings) which should then apply to the login.jsp.

Has anyone got any suggestions as to what might be going wrong?

There is a lot of code I could be posting but am not convinced that would be of any use since it's all working just in the wrong order.

Snippets from the web.xml:

<web-app>
...
<filter>
        <filter-name开发者_如何学Python>SetSecurityContextFilter</filter-name>
        <filter-class>
            com.section2.SecurityContextServletFilter
        </filter-class>
    </filter>

<filter>
    <filter-name>SetLocaleFilter</filter-name>
    <filter-class>
        com.section2.locale.LocaleServletFilter
    </filter-class>
</filter>

<filter>
    <filter-name>trinidad</filter-name>
    <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>

<filter>
    <filter-name>ActiveUserFilter</filter-name>
    <filter-class>com.section2.ActiveUserFilter</filter-class>
</filter>

    <filter-mapping>
        <filter-name>trinidad</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>

    <filter-mapping>
        <filter-name>SetSecurityContextFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>SetLocaleFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>ActiveUserFilter</filter-name>
        <url-pattern>/pages/section2/user/*</url-pattern>
    </filter-mapping>

...
</web-app>

Thanks in advance.

How is the Filter code organized? Are you maybe calling first FilterChain#doFilter() and only thereafter doing the needed logic?

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
    // Any code here will be executed BEFORE passing request through JSP/Servlet.
    chain.doFilter(request, response);
    // Any code here will be executed AFTER passing request through JSP/Servlet.
}

Thanks for your replies - I have now understood the issue fully...it only happens for the login.jsp page, none of the other pages. And in my case, the login .jsp page is a special case because it is usually viewed as a result of a redirect.

In the web.xml:

<login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login.jsp?error=true</form-error-page>
        </form-login-config>
    </login-config>

And I presume because of this, the filters are not hit in the usual order! Added a call from the login page to do what the filter does and all is well.

Thanks again.

The reason that the filter's weren't called for login.jsp is that Tomcat's interpretation of the spec is that authentication is part of the container, not part of the webapp, and so occurs outside the role of filters. Hence filters aren't applied to the login page (login.jsp in this case) or j_security_check.

ref: https://issues.apache.org/bugzilla/show_bug.cgi?id=21795 - the title only references j_security_check, but the discussion covers the whole form-based authentication mechanism.

One obvious error is in the trinidad filter mapping. It should not have a servlet-name, but a url-pattern.

I had the same problem when I wrote:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
   if(...) {
      response.sendRedirect(url);
   }
   chain.doFilter(request, response);
}

instead

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
   if(...) {
      response.sendRedirect(url);
      return;
   }
   chain.doFilter(request, response);
}

继续阅读:servlet-filterstomcatweb.xml

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9