1.描述
一个普通用户,只有单点登录的权限,通过一些工具获取到系统其它模块的 URL 后,在地址栏直接输入即可访问。我们已经在部分按钮上做了控制,但一些该用户无权操作的页面仍然会展现出来。这虽然不影响功能,但也需要做优化处理。
2.代码(JAVA)
@WebFilter(urlPatterns = { "/*" })//(采用注解方式配置filter)
public class MainFilter implements Filter{
/**
 * Called by the container when the filter is taken out of service.
 * This filter holds no resources, so there is nothing to release.
 */
@Override
public void destroy() {
    // Intentionally empty.
}
/**
 * Container entry point for every request matched by the filter mapping.
 * All work is delegated to {@code do_filter_inner}.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @param chain    the remaining filter chain, passed through unchanged
 * @throws IOException      propagated from the delegate
 * @throws ServletException propagated from the delegate
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    do_filter_inner(request, response, chain);
}
/**
 * Redirects the client to the session-timeout page.
 *
 * @param response the response to redirect; cast to {@code HttpServletResponse}
 * @throws IOException if the redirect cannot be sent
 */
private void go_timeout_proc(ServletResponse response) throws IOException {
    // The redirect target below is the placeholder used in the listing.
    ((HttpServletResponse) response).sendRedirect("超时跳转页面");
}
/**
 * Runs the filter steps in order: encoding setup, the direct-URL check,
 * then the timeout step.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @param chain    the remaining filter chain (not used in the code shown)
 * @throws IOException      if a redirect cannot be sent
 * @throws ServletException declared for the delegated steps
 */
private void do_filter_inner(ServletRequest request,
        ServletResponse response, FilterChain chain) throws IOException,
        ServletException {
    // Encoding handling.
    this.do_encode(request, response);

    // Requests for hand-typed URLs that the check rejects are stopped here.
    boolean allowed = this.do_pass_right(request, response);
    if (allowed) {
        // Other filter processing goes here.
        // Timeout handling.
        // NOTE(review): as shown, chain.doFilter(...) is never called and the
        // timeout redirect runs for every request that passes the check.
        // Presumably the session test and the chain call were left out of
        // this listing - confirm against the real filter.
        this.go_timeout_proc(response);
    } else {
        // Send the client to the permission-error page.
        this.go_righterr_proc(response);
    }
}
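/**
 * Decides whether a request may continue, based on its Referer header.
 *
 * <p>A request that carries a non-empty Referer is always let through.
 * A request without one is let through only when its servlet path is one
 * of the allow-listed entry pages.
 *
 * <p>Security note: the Referer header is supplied by the client, so this
 * check only discourages casual address-bar navigation. It is not an
 * authorization control. Every protected page and action still needs a
 * server-side permission check against the authenticated session. Browsers
 * and proxies may also omit Referer for privacy reasons, so legitimate
 * in-application requests can be rejected here.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest}
 * @param response the outgoing response (not used)
 * @return {@code true} to let the request continue, {@code false} to have
 *         the caller redirect to the permission-error page
 * @throws IOException declared for callers; nothing in this body throws it
 */
private boolean do_pass_right(ServletRequest request, ServletResponse response) throws IOException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;

    // The "parent URL", i.e. the page the client says it came from.
    String referer = httpRequest.getHeader("REFERER");
    if (referer != null && !referer.isEmpty()) {
        // Any request with a Referer is passed on for later processing.
        return true;
    }

    // No Referer: allow only the entry pages. The application is deployed
    // under Tomcat's ROOT with an index file reachable directly by IP, so
    // the index, login and timeout pages must stay reachable.
    String servletPath = httpRequest.getServletPath();

    // Match the file name exactly. A substring test would also admit any
    // other page whose name merely contains one of these names.
    // right_error.jsp is included because rejected requests are redirected
    // there; if that page is served by this application, a redirect that
    // arrives without a Referer would otherwise be rejected again.
    if (servletPath.endsWith("/index.jsp")
            || servletPath.endsWith("/login.jsp")
            || servletPath.endsWith("/timeout.jsp")
            || servletPath.endsWith("/right_error.jsp")) {
        return true;
    }

    // No parent URL and not an entry page: treat as a direct access
    // without permission and let the caller show the error page.
    Debug.info("父URL:["+referer+"]为null,不是系统内部访问,无权限");
    return false;
}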
/**
 * Redirects the client to the permission-error page.
 *
 * @param response the response to redirect; cast to {@code HttpServletResponse}
 * @throws IOException if the redirect cannot be sent
 */
private void go_righterr_proc(ServletResponse response) throws IOException {
    // The path below is kept exactly as written in the listing.
    ((HttpServletResponse) response).sendRedirect("/**/right_error.jsp");
}
/**
 * Called once by the container before the filter handles requests.
 * No configuration is read, so the body is empty.
 *
 * @param arg0 the filter configuration (not used)
 * @throws ServletException never thrown by this implementation
 */
@Override
public void init(FilterConfig arg0) throws ServletException {
    // Intentionally empty.
}
3.可参考原文链接
https://blog.csdn.net/HeavenPurpleHeart/article/details/50231609