在研究servlet中的安全性约束和过滤器时,我在web.xml文件中做了以下声明,这些声明无法正常工作:
BeerSelector
/SelectBeer.do
GET
POST
Admin
LoginFilter
model.MyFilter
LoginFilter
/SelectBeer.do
根据我读到的内容:在请求到达某个url之前应该遇到过滤器,那么,为什么首先调用security-constraint呢?
我知道从安全方面来说这是有道理的(要达到你认证的过滤器),但我想知道请求触发的序列.
容器是否首先搜索安全资源,从而触发安全约束?
但这与Head First Servlets和Jsp引用的以下段落相矛盾“
Remember that in the DD, the is about what
happens after the request. In other words, the client has already made
the request when the Container starts looking at the
elements to decide how to respond. The request
data has already been sent over the wire
或者请求只是触发两者:filter和security-constraint,但是安全约束比过滤器更受青睐?