} catch (java.net.MalformedURLException ex) {
System.err.println("SignonFilter: malformed URL exception: " + ex);
}
}
它在初始化时会先读取
Petstore_home\src\apps\petstore\src\docroot\WEB-INF\signon-config.xml
,并组成Data Access Object(DAO),以方便后续程序存取(注3)。此xml档案的主要功用是记录登入画面、登入失败画面及所有需登入才能使用的画面之URL,以下是signon-config.xml片段:
<signon-config>
<!-- Form Sign On Page (login screen): the screen recorded as the sign-on form.
     NOTE(review): in doFilter() the path after the context root is compared with
     FORM_SIGNON_URL; confirm that this value is what FORM_SIGNON_URL is loaded from. -->
<signon-form-login-page>
signon.screen
</signon-form-login-page>
<!-- Error Page When Sign On fails (login-failure screen) -->
<signon-form-error-page>
signon_error.screen
</signon-form-error-page>
<!-- A Protected Resource: a screen that requires sign-on.
     Per the description above this file lists every screen that needs sign-on,
     so a new restricted screen that is not registered here is served without
     the sign-on check. NOTE(review): whether url-pattern is matched exactly or
     as a prefix is not visible here; confirm in SignOnFilter. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Customer Screen</web-resource-name>
<url-pattern>customer.screen</url-pattern>
</web-resource-collection>
</security-constraint>
<!-- A Protected Resource (the protected screen used in this example) -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Customer Action</web-resource-name>
<url-pattern>customer.do</url-pattern>
</web-resource-collection>
</security-constraint>
接着请看SignOnFilter实际运作的主要函式doFilter(),约在107列:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest hreq = (HttpServletRequest)request;
String currentURI = hreq.getRequestURL().toString();
String currentURL = hreq.getRequestURI();
// get everything after the context root
int firstSlash = currentURL.indexOf("/",1); // jump past the starting slash
String targetURL = null;
//取得使用者欲前往之URL,以本例来说,即是customer.do
if (firstSlash != -1) targetURL = currentURL.substring(firstSlash + 1,
currentURL.length());
//判断使用者从登入画面(signon.screen)进行验证工作
if ((targetURL != null) && targetURL.equals(FORM_SIGNON_URL)) {
validateSignOn(request, response, chain);
// jump out of this method
return;
}
// check if the user is signed on
//检查使用者是否登入过,从Session取出登入标记,作为判断之用
boolean signedOn = false;
if (hreq.getSession().getAttribute(SIGNED_ON_USER) != null) {
signedOn
=((Boolean)hreq.getSession().getAttribute(SIGNED_ON_USER)).booleanValue();
} else {
hreq.getSession().setAttribute(SIGNED_ON_USER, new Boolean(false));