http request bypasses Filter implementation instance
Scene:Two web servers, A is used as server, B is the client, and B accesses A remotely through Hessian. A has added a session expired filter to check whether the session expires through user information. In this case, Hessian will send it to the filter first. If the filter fails to read the user information, it will be considered expired, causing an error.
Solution: Let the hessian request bypass the session expired filter.
In the filter configuration, the exclusion cannot be added, so the initialization parameter needs to be used to give unfiltered requests. The format of the filtering in this example is >/SarService.
<!--sessionExpiredfilter --> <filter> <init-param> <param-name>exclusions</param-name> <param-value>/SarService</param-value> </init-param> <filter-name>loginFilter</filter-name> <filter-class> </filter-class> </filter> <filter-mapping> <filter-name>loginFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
In the Filter class, excclusions are read in init and judged in doFilter. as follows:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// Since session belongs to the HTTP category, it is necessary to transform down to the HttpServletRequest type HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res=(HttpServletResponse)response;
HttpSession session = (); // Get session
String username = (String) ("username");
StringBuffer fileURL = ();
if(()!=-1){
(request, response);
}
else{
//Original processing code }
}
public void init(FilterConfig config) throws ServletException {
// TODO Auto-generated method stub
=("exclusions");
}
Thank you for reading, I hope it can help you. Thank you for your support for this site!