<!- A Protected resource本例之保護查面)-> <security-constraint> <web-resource-collection> <web-resource-name>Customer Action</web-resource-name> do</url-pattern> /web-resource-collection> </security-constraint> 接著請看 SignOnFilter實際運作的主要函式 do Filter·約在107列 public void doFilter( Servlet Request request, ServletResponse response Filter Chain chain) throws IOException, Servlet Exception i Httpservletr I-(httpservLetRequestor String currentURI- hreq getRequestURLO. toString (; String currentURL= hreq getRequestURIO; ∥ get everything after int firstSlash=currentURL. indexof("/", 1); // jump past the starting slash String targetURL =null; 取得使用者欲前往之URL·以本例來說·即是 customer do if (first Slash I =-1)targetURL= currentURL substring( firstSlash+ 1 urrentURL. length) 判斷使用者從登入董面( Signon. screen)進行驗證工作 if( targetURL !=null)&& targetURL equals(FORM SIGNON URL))( alidate SignOn( request, response, chain) //jump out of this method return: // check if the user is signed on 檢查使用者是否登入過,從 Session取出登入標記,作判斷之用 boolean signedOn= false if(hreq get Session(). getAttribute(SIGNED ON USER)I=null)( signedOn = Boolean hreq getSession( get Attribute(SIGNED ON USER). boolean value i else i<!-- A Protected Resource(本例之保護畫面)--> <security-constraint> <web-resource-collection> <web-resource-name>Customer Action</web-resource-name> <url-pattern>customer.do</url-pattern> </web-resource-collection> </security-constraint> 接著請看 SignOnFilter 實際運作的主要函式 doFilter()，約在 107 列： public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest hreq = (HttpServletRequest)request; String currentURI = hreq.getRequestURL().toString(); String currentURL = hreq.getRequestURI(); // get everything after the context root int firstSlash = currentURL.indexOf("/",1); // jump past the starting slash String targetURL = null; //取得使用者欲前往之 URL，以本例來說，即是 customer.do if (firstSlash != -1) targetURL = currentURL.substring(firstSlash + 1, currentURL.length()); //判斷使用者從登入畫面(signon.screen)進行驗證工作 if ((targetURL != null) && targetURL.equals(FORM_SIGNON_URL)) { validateSignOn(request, response, chain); // jump out of this method return; } // check if the user is signed on //檢查使用者是否登入過，從 Session 取出登入標記，作為判斷之用 boolean signedOn = false; if (hreq.getSession().getAttribute(SIGNED_ON_USER) != null) { signedOn =((Boolean)hreq.getSession().getAttribute(SIGNED_ON_USER)).boolean Value(); } else {