WebFilter 和 RewriteConfiguration 冲突
WebFilter and RewriteConfiguration conflict
所以我有这个 RewriteConfiguration:
@RewriteConfiguration
public class ApplicationConfigurationProvider extends HttpConfigurationProvider {
/**
* Set the forwarding rules
* @param context
* @return The forwarding rules
*/
@Override
public Configuration getConfiguration(ServletContext context) {
return ConfigurationBuilder.begin()
.addRule()
.when(Path.matches("/secure/{path}.xhtml?"))
.perform(Log.message(Level.INFO, "Server requested path: /secure/{path}"))
.addRule(Join.path("/login").to("/public/login.xhtml"))
.perform(Log.message(Level.INFO, "Forwarded: login"))
.addRule()
.when(Path.matches("/{path}").andNot(Path.matches("/login")))
.perform(Log.message(Level.INFO, "Forwarded': {path}"))
.addRule()
.when(Path.matches("/{path}"))
.perform(Forward.to("/secure/{path}.xhtml"))
;
}
/**
*
* @return
*/
@Override
public int priority() {
return 0;
}
}
这个过滤器:
@WebFilter(filterName = "AuthorizationFilter", urlPatterns = {"/secure/*"})
public class AuthorizationFilter implements Filter {
/**
* Function that filters out unauthorized users and returns them to the login page
* when they try to visit secured pages
* @param request
* @param response
* @param chain
* @throws ServletException
* @throws IOException
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
HttpServletRequest req = (HttpServletRequest) request;
AuthorizationBean auth = (AuthorizationBean) req.getSession().getAttribute("authBean");
if (auth == null || !auth.isLoggedIn()) {
// User is not logged in, so redirect to login page.
HttpServletResponse res = (HttpServletResponse) response;
res.sendRedirect(req.getContextPath() + "/public/login.xhtml");
} else {
// User is logged in, so just continue request.
chain.doFilter(request, response);
}
}
/**
*
*/
@Override
public void destroy() {
}
/**
*
* @param fc
*/
@Override
public void init(FilterConfig fc) {
}
}
我面临的问题是,例如当我访问页面“http://localhost:8080/webapp/profile" profile is a file in secure, so there is a page "/secure/profile.xhtml", but because of the rewriteConfiguration, just "profile" also works. But the problem is that the WebFiler doesn't capture "profile" it only captures "http://localhost:8080/webapp/secure/profile.xhtml”时。
有没有办法让 "secure" 重写的页面也被过滤器捕获?因此,当我访问页面 "profile" 时,它的处理方式与“/secure/profile.xhtml”相同。
当重写过滤器在身份验证过滤器之前运行并且重写过滤器在内部对目标源执行 RequestDispatcher#forward() 调用时,此构造确实会如所述失败。
过滤器默认仅侦听直接请求。您需要显式添加 FORWARD 调度程序,让过滤器也监听转发的请求。
@WebFilter(
filterName = "authorizationFilter",
urlPatterns = {"/secure/*"},
dispatcherTypes = {DispatcherType.REQUEST, DispatcherType.FORWARD}
)
或web.xml风味:
<filter-mapping>
<filter-name>authorizationFilter</filter-name>
<url-pattern>/secure/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
所以我有这个 RewriteConfiguration:
@RewriteConfiguration
public class ApplicationConfigurationProvider extends HttpConfigurationProvider {
/**
* Set the forwarding rules
* @param context
* @return The forwarding rules
*/
@Override
public Configuration getConfiguration(ServletContext context) {
return ConfigurationBuilder.begin()
.addRule()
.when(Path.matches("/secure/{path}.xhtml?"))
.perform(Log.message(Level.INFO, "Server requested path: /secure/{path}"))
.addRule(Join.path("/login").to("/public/login.xhtml"))
.perform(Log.message(Level.INFO, "Forwarded: login"))
.addRule()
.when(Path.matches("/{path}").andNot(Path.matches("/login")))
.perform(Log.message(Level.INFO, "Forwarded': {path}"))
.addRule()
.when(Path.matches("/{path}"))
.perform(Forward.to("/secure/{path}.xhtml"))
;
}
/**
*
* @return
*/
@Override
public int priority() {
return 0;
}
}
这个过滤器:
@WebFilter(filterName = "AuthorizationFilter", urlPatterns = {"/secure/*"})
public class AuthorizationFilter implements Filter {
/**
* Function that filters out unauthorized users and returns them to the login page
* when they try to visit secured pages
* @param request
* @param response
* @param chain
* @throws ServletException
* @throws IOException
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
HttpServletRequest req = (HttpServletRequest) request;
AuthorizationBean auth = (AuthorizationBean) req.getSession().getAttribute("authBean");
if (auth == null || !auth.isLoggedIn()) {
// User is not logged in, so redirect to login page.
HttpServletResponse res = (HttpServletResponse) response;
res.sendRedirect(req.getContextPath() + "/public/login.xhtml");
} else {
// User is logged in, so just continue request.
chain.doFilter(request, response);
}
}
/**
*
*/
@Override
public void destroy() {
}
/**
*
* @param fc
*/
@Override
public void init(FilterConfig fc) {
}
}
我面临的问题是,例如当我访问页面“http://localhost:8080/webapp/profile" profile is a file in secure, so there is a page "/secure/profile.xhtml", but because of the rewriteConfiguration, just "profile" also works. But the problem is that the WebFiler doesn't capture "profile" it only captures "http://localhost:8080/webapp/secure/profile.xhtml”时。
有没有办法让 "secure" 重写的页面也被过滤器捕获?因此,当我访问页面 "profile" 时,它的处理方式与“/secure/profile.xhtml”相同。
当重写过滤器在身份验证过滤器之前运行并且重写过滤器在内部对目标源执行 RequestDispatcher#forward() 调用时,此构造确实会如所述失败。
过滤器默认仅侦听直接请求。您需要显式添加 FORWARD 调度程序,让过滤器也监听转发的请求。
@WebFilter(
filterName = "authorizationFilter",
urlPatterns = {"/secure/*"},
dispatcherTypes = {DispatcherType.REQUEST, DispatcherType.FORWARD}
)
或web.xml风味:
<filter-mapping>
<filter-name>authorizationFilter</filter-name>
<url-pattern>/secure/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>