我正在为我的应用程序创建一个 Web 过滤器,它使用外部身份验证提供程序。如果没有 cookie,或者 cookie 中的令牌无效或过期,则此 Web 过滤器应重定向到登录页面。这对于非 AJAX 请求效果很好,但对于 AJAX 请求,它会向登录表单 URL 发出 AJAX 请求,而不是简单地使用非 AJAX 请求重定向到该 URL。我希望过滤器使用非 AJAX 请求将用户重定向到登录页面,以便用户可以直接输入其凭据。
@WebFilter(urlPatterns = "/*")
public class SecurrityFilter implements Filter {
/**
 * Lifecycle hook called when the filter is taken out of service.
 * This filter acquires nothing that needs releasing, so the body is intentionally empty.
 */
@Override
public void destroy() {
    // Intentionally empty: no resources to release.
}
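/**
 * Gates every request behind the "miCookie" session cookie.
 *
 * <p>Static assets are passed down the chain without authentication. Every other request
 * must carry a "miCookie" cookie whose value {@code isActiveSession} accepts. When it does
 * not, a normal navigation is redirected to the login page, and an AJAX request is answered
 * with 401 and never reaches the protected resource.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest}
 * @param response the outgoing response; cast to {@link HttpServletResponse}
 * @param chain    the remaining filter chain, invoked only for static assets and
 *                 authenticated requests
 * @throws IOException      if the redirect or a downstream filter fails on I/O
 * @throws ServletException if a downstream filter or servlet fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // getRequestURI() is the raw, undecoded path and still carries path parameters (";...").
    // The exemption is therefore fail-closed: it needs a literal ".ext" suffix (the original
    // pattern had no dot, so any URI merely ending in "js" or "css" skipped authentication),
    // and it is refused when the URI contains ';', because the suffix seen here could then
    // differ from the path the container actually dispatches on.
    String requestURI = httpRequest.getRequestURI();
    boolean staticAsset = requestURI.indexOf(';') < 0
            && requestURI.matches(".*\\.(css|jpg|png|gif|js)");
    if (staticAsset) {
        chain.doFilter(request, response);
        return;
    }

    // Find the session cookie; getCookies() returns null when the request has none.
    Cookie[] cookies = httpRequest.getCookies();
    boolean cookieExists = false;
    String cookieValue = null;
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if ("miCookie".equals(cookie.getName())) {
                cookieExists = true;
                cookieValue = cookie.getValue();
                break;
            }
        }
    }

    if (cookieExists && isActiveSession(cookieValue)) {
        chain.doFilter(request, response);
        return;
    }

    if (isAjaxRequest(httpRequest)) {
        // An XHR/fetch call follows a 302 on its own and would only load the login form into
        // the AJAX response. The server cannot force a top-level navigation, so answer 401
        // and let the page's AJAX error handler send the browser to the login URL.
        // Previously this branch returned an empty 200, which a client cannot tell apart
        // from success.
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    // NOTE(review): the login URL is hard-coded, plain http, and points at localhost; outside
    // development it should come from configuration and use https.
    httpResponse.sendRedirect("http://localhost:8081/login/database");
}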
这就是我解决问题的方法
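/**
 * Gates every request behind the session cookie returned by {@code getCookie}.
 *
 * <p>Static-file requests are passed through. Any other request continues down the chain
 * only when the cookie is present and {@code isActiveSession} accepts it. An unauthenticated
 * AJAX request has its server-side session invalidated and is answered with 401. Any other
 * unauthenticated request is redirected to the login page.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest}
 * @param response the outgoing response; cast to {@link HttpServletResponse}
 * @param chain    the remaining filter chain, invoked only for static files and
 *                 authenticated requests
 * @throws IOException      if the redirect or a downstream filter fails on I/O
 * @throws ServletException if a downstream filter or servlet fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // NOTE(review): isStaticFileRequest is not shown here. Confirm that it matches on a real
    // ".ext" suffix and does not trust the raw URI's path parameters (";..."), because
    // everything it accepts skips authentication.
    if (isStaticFileRequest(httpRequest)) {
        chain.doFilter(request, response);
        return;
    }

    Optional<String> cookie = getCookie(httpRequest);
    if (cookie.isPresent() && isActiveSession(cookie.get())) {
        chain.doFilter(request, response);
        return;
    }

    if (isAjaxRequest(httpRequest)) {
        // getSession(false) returns null when no session exists; the unguarded invalidate()
        // threw a NullPointerException in that case.
        HttpSession session = httpRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // Stop here. The earlier version fell through to chain.doFilter(), so an
        // unauthenticated request flagged as AJAX still reached the protected resource.
        // The 401 lets the page's AJAX error handler navigate the browser to the login page.
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    // NOTE(review): the login URL is hard-coded, plain http, and points at localhost; outside
    // development it should come from configuration and use https.
    httpResponse.sendRedirect("http://localhost:8081/login/database");
}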