tomcat6换7之后为什么在jsp页面session.setAttribute( ),后端java代码怎么都获取不到这个属性?
后端代码:
package com.cdc.core.filter;
import java.io.IOException;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.cdc.core.util.RsaUtil;
/**
- 验证码验证过滤器及防止CSRF攻击
-
@author SnoopyChen (ceo@vmeitime.com)
*
*/
public class CodeFilter implements Filter {public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
HttpSession session = req.getSession();RSAPrivateKey privateKey = (RSAPrivateKey)session.getAttribute("privateKey"); String random = req.getParameter("random"); String username = req.getParameter("j_username"); String tokenStr = req.getParameter("tokenStr"); try{ String sessionTokenStr = req.getSession().getAttribute("tokenStr").toString(); String sRand = (String)session.getAttribute("rand"); if( null != sRand && null!=random && sessionTokenStr.equals(RsaUtil.decryptStringByJs(privateKey, tokenStr))) { if(sRand.equalsIgnoreCase(RsaUtil.decryptStringByJs(privateKey,random.trim()))){ session.removeAttribute("rand"); HashMap<Object,Object> map=new HashMap(request.getParameterMap()); String password = request.getParameter("j_password").toString(); password = RsaUtil.decryptStringByJs(privateKey, password); map.put("j_password", password); map.put("j_username", RsaUtil.decryptStringByJs(privateKey, username));
// // System.out.println(password);
ParameterRequestWrapper wrapRequest=new ParameterRequestWrapper(req,map); chain.doFilter(wrapRequest, response);
// chain.doFilter(request, response);
}else{
request.setAttribute("codeError","验证码输入不正确!");
request.setAttribute("username",RsaUtil.decryptStringByJs(privateKey, username));
//request.getRequestDispatcher("/user/login.jsp").forward(request,response);
request.getRequestDispatcher("/").forward(request,response);
}
}else{
request.getRequestDispatcher("/").forward(request,response);
}
}catch (Exception e){
e.printStackTrace();
request.setAttribute("codeError","登录失败,请重试!");
request.getRequestDispatcher("/").forward(request,response);
}
}
public void init(FilterConfig arg0) throws ServletException {
}
}