There is an authorization system filter and servlet. The filter checks the session for id, and the servlet goes to the database and checks if there is such a user. But a strange thing happens: authorization does not take place the first time, but only if there is a session, and the instructions.getRequestDispatcher request.getRequestDispatcher("/WEB-INF/views/index.jsp") in the servlet are simply ignored.

Here is the filter:

 @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { final HttpServletRequest req = (HttpServletRequest) request; final HttpServletResponse res = (HttpServletResponse) response; final HttpSession session = req.getSession(false); if (nonNull(session) && sessionContainKey(session)) { req.getRequestDispatcher("/WEB-INF/views/index.jsp") .forward(req, res); } else { req.getRequestDispatcher("/WEB-INF/views/login.jsp") .forward(req, res); } filterChain.doFilter(request, response); }

And this is the servlet:

 @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { if (userExistInDB(request, getDBExecutor())) { setSessionAttribute(request.getSession(), request.getParameter("name")); request.getRequestDispatcher("/WEB-INF/views/index.jsp") //Вот здесь должен произойти перезод но его не происходит. Почему? .forward(request, response); } else {...} } catch (SQLException e) { e.printStackTrace(); } }

That is, the problem is that the authorization only takes place when the session has been added, but not the first time, although it seems to me that the filter should have worked, and the solution is based on the servlet ...

Tell me what's wrong? How can I fix this? Thank.

  • 2
    The filter may fire twice. At the entrance and at the exit, before and after the servlet. - Sergey
  • one
    There is an opinion that in the filter after forward it is not necessary to transfer the request further to the chain. - Sergey
  • @Sergey unfortunately when I remove the doFilter transition does not occur at all (((( Pavel
  • You can try in the servlet - response.sendRedirect("") . - Tsyklop

1 answer 1

The first filter is triggered. The filter is not the most typical example of middleware (some aspects may at first be puzzling, for example, an external code based on the response of the filtering method usually manages the filter chain) through which the request passes before landing in a servlet. The logic of the filter assumes that if it has completed processing before the servlet and the servlet does not need to transfer the request (for example, if the request came from the wrong content-type, it is easier to chop it up at the input), then it simply will not call chain.doFilter() , and the response object will already be initialized with the necessary values. In this example, .doFilter() is always called, which means that the request will reach the servlet exactly and be processed - and, apparently, the repeated call to request.getRequestDispatcher() simply overwrites the old value with the new one. To get rid of this, you just need not to call filterChain.doFilter() .