如何修复：提交响应后无法调用 sendRedirect()

Question

当我尝试通过 jsp 页面传递值时，我收到此错误：

java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
    org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:482)
    org.KeyGeneration.doPost(KeyGeneration.java:133)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

这是它的代码：

 package org;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECGenParameterSpec;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Random;
import javax.crypto.KeyAgreement;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


@WebServlet(name = "KeyGeneration", urlPatterns = {"/keyGeneration"})
public class KeyGeneration extends HttpServlet {

    Connection con = null;
    PreparedStatement pst = null;
    ResultSet rst = null;
    String userid = null;
    String secretekey = null;
    String secretU = null;
    String secretV = null;
    String email = null;
    int otp = 0;
    String host = "smtp.gmail.com";
    String port = "587";
    String userName = "emailID";
    String password = "emailPass";

    int i = 0;

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        HttpSession session = request.getSession(true);
        //connection from database
        try {
            con = connection.dbConnection.makeConnection();
        } catch (Exception e) {
        }

        userid = request.getParameter("userid");
        secretekey = request.getParameter("secretkey");

        //Generation ECC Key Agreement
        try {
            KeyPairGenerator kpg;
            kpg = KeyPairGenerator.getInstance("EC", "SunEC");
            ECGenParameterSpec ecsp;
            //String parameter = "sect113r2";
            ecsp = new ECGenParameterSpec(secretekey);
            kpg.initialize(ecsp);
            KeyPair kpU = kpg.genKeyPair();
            PrivateKey privKeyU = kpU.getPrivate();
            PublicKey pubKeyU = kpU.getPublic();            
            KeyPair kpV = kpg.genKeyPair();
            PrivateKey privKeyV = kpV.getPrivate();
            PublicKey pubKeyV = kpV.getPublic();
            KeyAgreement ecdhU = KeyAgreement.getInstance("ECDH");
            ecdhU.init(privKeyU);
            ecdhU.doPhase(pubKeyV, true);
            KeyAgreement ecdhV = KeyAgreement.getInstance("ECDH");
            ecdhV.init(privKeyV);
            ecdhV.doPhase(pubKeyU, true);
            secretU = new BigInteger(1, ecdhU.generateSecret()).toString(16).toUpperCase();
            secretV = new BigInteger(1, ecdhV.generateSecret()).toString(16).toUpperCase();

        } catch (Exception e) {
            e.printStackTrace();
        }

        //Generate  random no
        Random rand = new Random();
        otp = rand.nextInt((999999 - 100000) + 1) + 100000;

        try {
            String query = "SELECT email FROM users WHERE userid = '" + userid + "' AND u_status = '1'";
            pst = con.prepareStatement(query);
            rst = pst.executeQuery();
            if (rst.next()) {
                email = rst.getString(1);
                String subject = "OTP from Secure Cloud using ECC";
                String message = "Your OTP is " + otp;
                //Send email
                try {
                    EmailUtility.sendEmail(host, port, userName, password, email, subject,
                            message);
                    // resultMessage = "The e-mail was sent successfully";
                } catch (Exception ex) {
                    ex.printStackTrace();
                    //resultMessage = "There were an error: " + ex.getMessage();
                }

            } else {
                session.setAttribute("MSG", "Secret key has not been generated.");
                response.sendRedirect("keyexchange.jsp?userid=" + userid);
            }
        } catch (Exception e) {
        }

        try {
            String sqlquery = "update users set user_key=?,secretu=?,user_otp=? where userid = '" + userid + "'";
            pst = con.prepareStatement(sqlquery);
            pst.setString(1, secretekey);
            pst.setString(2, secretU);
            pst.setInt(3, otp);
            i = pst.executeUpdate();
        } catch (Exception e) {
            e.printStackTrace();
        }

        //success or failure message
        if (i > 0) {
            session.setAttribute("MSG", "ECDH Key agreement has been successfully generated.");
            response.sendRedirect("secretkey.jsp?userid=" + userid + "&secretkey=" + secretU);
        } else {
            session.setAttribute("MSG", "Secret key has not been generated.");
            response.sendRedirect("keyexchange.jsp?userid=" + userid);
        }

    }

}

谁能帮帮我？我是个业余爱好者。

Answer 1

问题可能在于您多次拨打response.sendRedirect， 尝试改变这一点：

            } else {
                session.setAttribute("MSG", "Secret key has not been generated.");
                response.sendRedirect("keyexchange.jsp?userid=" + userid);
            }
        } catch (Exception e) {
        }

到这里：

            } else {
                session.setAttribute("MSG", "Secret key has not been generated.");
                response.sendRedirect("keyexchange.jsp?userid=" + userid);
                return;
            }
        } catch (Exception e) {
        }

Answer 2

您的 servlet 不能多次响应重定向指令。尝试这样做会导致您遇到的错误。在以下行被执行后

response.sendRedirect("keyexchange.jsp?userid=" + userid);

您的代码继续执行以下行

try {
    String sqlquery = "update users set user_key=?,secretu=?,user_otp=? where userid = '" + userid + "'";
    pst = con.prepareStatement(sqlquery);
    //....
} catch (Exception e) {
    e.printStackTrace();
}
//success or failure message
if (i > 0) {
    session.setAttribute("MSG", "ECDH Key agreement has been successfully generated.");
    response.sendRedirect("secretkey.jsp?userid=" + userid + "&secretkey=" + secretU);
} else {
    session.setAttribute("MSG", "Secret key has not been generated.");
    response.sendRedirect("keyexchange.jsp?userid=" + userid);
}

因此再次遇到response.sendRedirect。

这是一个设计问题。您可以在第一个 response.sendRedirect 之后放置一个 return 语句，但这会在该代码死后导致代码失效。

你可以通过使用一些变量来解决这个问题，例如

boolean redirect = false;

try {
    String query = "SELECT email FROM users WHERE userid = '" + userid + "' AND u_status = '1'";
    //...
    if (rst.next()) {
        //...
    } else {
        redirect = true;
    }
} catch (Exception e) {
    e.printStackTrace();
}

try {
    String sqlquery = "update users set user_key=?,secretu=?,user_otp=? where userid = '" + userid + "'";
    //...
} catch (Exception e) {
    e.printStackTrace();
}

//success or failure message
if (i > 0) {
    session.setAttribute("MSG", "ECDH Key agreement has been successfully generated.");
    response.sendRedirect("secretkey.jsp?userid=" + userid + "&secretkey=" + secretU);
} else if (redirect) {
    session.setAttribute("MSG", "Secret key has not been generated.");
    response.sendRedirect("keyexchange.jsp?userid=" + userid);
}

这将确保response.sendRedirect 只会被调用一次。

或者，您可以完全删除以下代码块的第一次出现，因为它看起来对我来说没有必要。

else {
    session.setAttribute("MSG", "Secret key has not been generated.");
    response.sendRedirect("keyexchange.jsp?userid=" + userid);
}