Java Servlet Filter 不传递 POST 请求 +佐普
我正在使用 Jetty 透明代理 Servlet 与 ZOPE ( python ) 集成。这使我能够应用各种 java 过滤器,而不会弄乱 ZOPE 及其扩展。我们主要使用它来进行身份验证和分配权限。
它对于 ZOPE 提供的常规网页(假设 GET 请求)完美地工作,但在处理 ZOPE 上托管的 POST 表单时它不起作用。
我发现请求正确地通过了过滤器链(途中还有几个过滤器)最后出了问题。我可以观察到请求到达 ZOPE(使用请求日志),但响应永远不会返回。我调查 ZOPE 上任何内容的能力有限 - 只能查看其请求日志。
这不是代理的错误,因为当所有过滤器都关闭时,一切都会正常工作。
我可以对请求/响应对象做一些事情吗? 我的过滤器中是否缺少某些内容? 哪里可以挖掘更多?
这是我使用的过滤器的精简示例。
public class AuthFilter implements Filter{
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession();
String secret = request.getParameter("cessotk");
if ( secret != null && secret.equals (SECRET_TOKEN ) ){
log ("Discovered secret user");
session.setAttribute(AUTH_PARAM, true);
AuthUser secretUser = new AuthUser();
secretUser.setUsername("SECRET_SYSTEM_USER");
session.setAttribute(AUTH_USER_KEY, secretUser );
chain.doFilter(request, response);
}
}
}
I am using Jetty Transparent Proxy Servlet for integration with ZOPE ( python ). This allows me to apply various java filters without without messing up with ZOPE and its extensions. We are using it mostly for authentication and assigning privileges.
It is working perfectly for regular web pages served by ZOPE ( assuming GET requests ) but its not working when dealing with POST forms hosted on ZOPE.
I discovered that request is properly passed thru the filter chain ( there are few more filters on the way ) something goes wrong at the end. I can observe request reaching ZOPE ( using request logs ) but response never comes back. I have limited ability to investigate anything on ZOPE - only watching its request log.
Its not fault of proxy because when all filters are switched off everything works fine.
Can I do something with request/response object?
Am I missing something in my filters?
Where can I dig more?
Here is stripped down example of the filter I use.
public class AuthFilter implements Filter{
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession();
String secret = request.getParameter("cessotk");
if ( secret != null && secret.equals (SECRET_TOKEN ) ){
log ("Discovered secret user");
session.setAttribute(AUTH_PARAM, true);
AuthUser secretUser = new AuthUser();
secretUser.setUsername("SECRET_SYSTEM_USER");
session.setAttribute(AUTH_USER_KEY, secretUser );
chain.doFilter(request, response);
}
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论