方法大致归纳为:
1:如果想隐藏page,则把你的 页面 放到 web-inf下。
2:使用session 来认证,单纯的HTML不好验证!具体来说就是在第一个JSP页面里面传一个Session,每个页面检验Session的值,根据Session的值重定向,
这个实施的前提是要使用过滤器来拦截页面,可以用struts2和Filter技术等。由以下两步完成该功能:1) 配置被拦截的页面,2)从java代码中进行session控制。
下面的这个例子是使用Filter来实施的,至于如何用struts2来处理拦截的jsp页面,跟这个类似的步骤,百度一下就知道了。
step 1.
Java中应用Filter对权限和Session控制
代码如下:
package com.drp.util.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class AuthFilter implements Filter
{
public void destroy() {}
public void doFilter(ServletRequest servletRequest, ServletResponse
servletResponse,FilterChain filterChain) throws IOException,
ServletException
HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse)servletResponse;
String currentURL = request.getRequestURI();
//取得根目录所对应的绝对路径:
String targetURL = currentURL.substring(currentURL.indexOf("/", 1), currentURL.length());
//截取到当前文件名用于比较
HttpSession session = request.getSession(false);
if (!"/login.jsp".equals(targetURL))
{//判断当前页是否是重定向以后的登录页面页面,如果是就不做session的判断,防止出现死循环
if (session == null || session.getAttribute("user") == null) {
//*用户登录以后需手动添加session
System.out.println("request.getContextPath()=" + request.getContextPath());
response.sendRedirect(request.getContextPath() + "/login.jsp");
return; }}
//加入filter链继续向下执行
filterChain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {}
}
step2.
代码如下:
package com.drp.util.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class AuthFilter implements Filter
{
public void destroy() {}
public void doFilter(ServletRequest servletRequest, ServletResponse
servletResponse,FilterChain filterChain) throws IOException,
ServletException
HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse)servletResponse;
String currentURL = request.getRequestURI();
//取得根目录所对应的绝对路径:
String targetURL = currentURL.substring(currentURL.indexOf("/", 1), currentURL.length());
//截取到当前文件名用于比较
HttpSession session = request.getSession(false);
if (!"/login.jsp".equals(targetURL))
{//判断当前页是否是重定向以后的登录页面页面,如果是就不做session的判断,防止出现死循环
if (session == null || session.getAttribute("user") == null) {
//*用户登录以后需手动添加session
System.out.println("request.getContextPath()=" + request.getContextPath());
response.sendRedirect(request.getContextPath() + "/login.jsp");
return; }}
//加入filter链继续向下执行
filterChain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {}
}
step2.
用Filter防止用户访问一些未被授权的资源,比如一个用户未登录就不允许访问网站的某些页面,并将页面重定向到需要用户登录的页面,相关例子:
在配置文件web.xml里添加:
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.drp.util.filter.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
//表示对所有jsp文件有效
</filter-mapping>
这样用户没有登录的情况下就会转到登录页面
在配置文件web.xml里添加:
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.drp.util.filter.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
//表示对所有jsp文件有效
</filter-mapping>
这样用户没有登录的情况下就会转到登录页面
147
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
