Java Servlet 从一个 Servlet 重定向到另一个 Servlet,然后返回到初始 Servlet
我有一个关于 Java Servlet 的问题。
假设我正在访问 servlet 网页“somePage”。我想登录(使用另一个 servlet,“登录”servlet)。因此,我单击“somePage”上的登录链接并重定向到“登录”页面。我输入我的名字和密码,它们都是正确的。登录页面已成功登录。
(现在询问“登录”servlet 的编码)如何对“登录”页面进行编码,以便它将成功登录的用户重定向回“somePage”网页?
主要问题:登录页面如何知道最初重定向到它的页面是“somePage”页面?
我已经检查了很多请求参数,但没有告诉我,是的,您是从页面“somePage”定向的。这些是我看过的参数:
String authType = request.getAuthType();
String pathInfo = request.getPathInfo();
String pathTranslated = request.getPathTranslated();
String getUserName = request.getRemoteUser();
String remoteAdd = request.getRemoteAddr();
String uriString = request.getRequestURI();
String sessionID = request.getRequestedSessionId();
String serverName = request.getServerName();
Integer serverPort = request.getServerPort();
String servletPath = request.getServletPath();
我知道其中一些显然不会给我我正在寻找的答案,但我认为 HttpServletRequest 参数之一必须告诉登录页面谁要求它是显示。任何帮助将不胜感激。我将继续寻找答案。我试图搜索这个问题,但没有找到答案。
I had a question about Java Servlets.
lets say I am on a servlet webpage, 'somePage'. I want to log in (using another servlet, 'login' servlet). So i click on the log-in link on the 'somePage' and get redirected to the 'login' page. I type in my name and password and they are both correct. the login page has successfully logged me in.
(now asking about coding for the 'login' servlet) How do I code the 'login' page so that it will redirect the successfully logged in person back to the, 'somePage' webpage?
Main Question: How does the login page know the page which initially redirected to it is the 'somePage' page?
I have checed out a lot of the request parameters, but non tell me, yes, you were directed from page, 'somePage'. These are the the paramater i have looked at:
String authType = request.getAuthType();
String pathInfo = request.getPathInfo();
String pathTranslated = request.getPathTranslated();
String getUserName = request.getRemoteUser();
String remoteAdd = request.getRemoteAddr();
String uriString = request.getRequestURI();
String sessionID = request.getRequestedSessionId();
String serverName = request.getServerName();
Integer serverPort = request.getServerPort();
String servletPath = request.getServletPath();
I know some of these are obvously not going to give me the answer I am looking for, but I figure one of the HttpServletRequest parameters has got to tell the login page who asked for it to be displayed. Any help would be greatly appreciated. I'm going to continue my search for the answer. I've tried to search for this question, but haven't found an answer.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
有不同的方法可以做到这一点。一种方法是让您的登录页面支持
继续CGI 参数,该参数提供登录成功后要重定向到的 URL。另一种方法是使用传递到登录页面的“Referer”标头,并重定向到该 URL。对于前者,您可以使用 ServletRequest.getParameterMap( ) 获取 CGI 参数并确定是否存在名为
continue的 CGI 参数(或者您选择为该 CGI 参数指定的任何名称);对于后者,您可以使用 HttpServletRequest.getHeader() 获取“Referer”标头。There are different ways of doing this. One way is to have your login page support a
continueCGI parameter that gives the URL to which to redirect after the login is successful. Another way to do this is to use the "Referer" header that was passed to the login page, and redirect to that URL.For the former, you can use ServletRequest.getParameterMap() to get the CGI arguments and determine if there is a CGI parameter named
continue(or whatever name you choose to give to that CGI parameter); for the latter, you can use HttpServletRequest.getHeader() to get the "Referer" header.您应该考虑为您的网络使用基于表单的身份验证,而不是自行实现应用程序。
几乎每个 servlet 容器都支持这一点。
首先,您必须配置安全性。这取决于您的应用程序服务器。即,通过 Jetty,您可以使用数据库方法以及用户及其角色或 LDAP 的表, 在
web.xml中,您打开基于表单的身份验证:
您指定必须提供的两个 JSP 页面。
logon.jsp是插入用户名和密码的登录页面。如果用户名和密码无效,则显示logonError.jsp。整个登录工作流程由应用服务器处理。
如果用户首先访问受保护的 URL,应用程序服务器将显示登录页面。按照惯例,用户名和密码的输入字段应命名为
j_username和j_password。当用户提交登录表单时,服务器检查用户凭据是否有效(根据其配置)。如果是这样,用户将被重定向到原始页面。否则会显示登录错误页面。如果您确实想自己实现它,那么您可以实现 servlet 过滤器,以便所有调用受保护的资源必须通过您的过滤器。
在过滤器中,您可以检查是否已经存在会话以及用户是否已成功登录。然后可以继续正常呼叫。否则,您可以转发到登录页面并将原始 URL 存储在会话中。成功登录后,您可以从会话上下文中读取原始 URL 并重定向到用户首先想要查看的页面。
Instead implementing yourself you should consider using form based authentification for your web app.
Almost every servlet container supports this.
At first you have to configure security. This depends on your application server. I.e. with Jetty you can use a database approach with tables for users and their roles or LDAP, etc.
In
web.xmlyou turn on form based authentification:You specify two JSP pages you have to provide.
logon.jspis the login page for inserting user name and password.logonError.jspis shown, if user name and password are invalid.The whole login workflow is handled by the application server.
If the user first goes to a protected URL, the application server presents the login page instead. As a convention the input fields for user name and passwort should be named
j_usernameandj_password. When the user submits the login form the server checks, if the user crendentials are valid (according to its configuration). If so the user is redirected to the original page. Otherwise the login error page is shown.If you really want to implement it yourself then you can implement a servlet filter so that all calls to protected resources have to pass your filter.
In your filter you can check, if there is already a session present and if the user has successfully logged in. Then the normal call can proceed. Otherwise you can forward to your login page and store the original URL in the session. After a successfull login you can read the original URL out of your session context and redirect to the page the user wanted to see in the first place.