欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

ContextFilter过滤器

程序员文章站 2022-07-13 13:54:34
...
配置的例子

<filter>
        <filter-name>ContextFilter</filter-name>
        <display-name>ContextFilter</display-name>
        <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
        <init-param>
            <param-name>disableContextSecurity</param-name>
            <param-value>N</param-value>
        </init-param>
        <init-param>
            <param-name>allowedPaths</param-name>
            <param-value>/error:/control:/select:/index.html:/index.jsp:/default.html:/default.jsp:/images:/static:/js</param-value>
        </init-param>
        <init-param>
            <param-name>errorCode</param-name>
            <param-value>403</param-value>
        </init-param>
        <init-param>
            <param-name>redirectPath</param-name>
            <param-value>/control/main</param-value>
        </init-param>
    </filter>




1.allowedPaths参数

该参数的初始化如下

首先可以看到的是每次新的request过来都会被解析allowedPath,也许这里可以优化一下

if (request.getAttribute(ContextFilter.FORWARDED_FROM_SERVLET) == null) {
            // Debug.logInfo("In ContextFilter.doFilter, FORWARDED_FROM_SERVLET is NOT set", module);
            String allowedPath = config.getInitParameter("allowedPaths");
            String redirectPath = config.getInitParameter("redirectPath");
            String errorCode = config.getInitParameter("errorCode");

            List<String> allowList = StringUtil.split(allowedPath, ":");
            allowList.add("/");  // No path is allowed.
            allowList.add("");   // No path is allowed.




往下点代码有类似这样的一段

if (!allowList.contains(requestPath) && !allowList.contains(requestInfo) && !allowList.contains(httpRequest.getServletPath())) {


这是说当request的资源名不位于allowedPath 中
那么接下去是

String filterMessage = "[Filtered request]: " + contextUri;

                if (redirectPath == null) {
                    int error = 404;
                    if (UtilValidate.isNotEmpty(errorCode)) {
                        try {
                            error = Integer.parseInt(errorCode);
                        } catch (NumberFormatException nfe) {
                            Debug.logWarning(nfe, "Error code specified would not parse to Integer : " + errorCode, module);
                        }
                    }
                    filterMessage = filterMessage + " (" + error + ")";
                    wrapper.sendError(error, contextUri);
                } else {
                    filterMessage = filterMessage + " (" + redirectPath + ")";
                    if (!redirectPath.toLowerCase().startsWith("http")) {
                        redirectPath = httpRequest.getContextPath() + redirectPath;
                    }
                    wrapper.sendRedirect(redirectPath);
                }
                Debug.logWarning(filterMessage, module);
                return;
            }



wrapper.sendRedirect(redirectPath);这句会把你给重定向到其他地方。

redirectPath是我们上面配置的

<init-param>
            <param-name>redirectPath</param-name>
            <param-value>/control/main</param-value>
</init-param>



一般都是配置为重定向/control/main。

如果我们把/control从allowedPaths删除掉就会发现请求不断被重定向到/control/main。最后ko了。。。。。

本文转载自:
http://liyixing.tk:20080/articles/2015/04/14/1428998097305.html
相关标签: ofbiz