<% //防止直接输入URL访问页面,但是不能防止从其他的地方连接过来
//加到JSP页面里面
String c="Please input your name and password!Thank you!";
String ComeUrl = "";
ComeUrl = request.getHeader("REFERER");//取得上一级页面的RUL
if (ComeUrl == null) {
response.sendRedirect("index.jsp?c="+c);
}
%>
//Filter可以彻底防止直接输入URL访问页面和从其他地方连接
//1。首先在登陆页面要把SESSION传递给ActionFilter
//往ActionFilter里传递一个session值
HttpSession session=request.getSession();
session.setAttribute("username", "123");
//2。还要在配置文件里面加入
<filter>
<filter-name>right</filter-name>
<filter-class>com.insert.ActionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>right</filter-name>
<url-pattern>/index1.jsp</url-pattern> //需要防止那些文件就加入那些JSP文件
</filter-mapping>
//3。ActionFilter类
package com.insert;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.FilterChain;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletResponse;
public class ActionFilter
implements Filter {
public void init(FilterConfig filterConfig) throws ServletException
{
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException
{
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
//从session里取的用户名信息
String username = (String) session.getAttribute("username");
//判断如果没有取到用户信息,就跳转到登陆页面
if (username == null || "".equals(username)){
//跳转到登陆页面
String c="Please input your name and password!Thank you!";
res.sendRedirect("index.jsp?errorurl="+c);
}
else{
//已经登陆,继续此次请求
chain.doFilter(request,response);
}
}
public void destroy()
{
}
}