
N Ways to Prevent Users from Directly Accessing JSP Pages

2022-01-04    青山依旧337

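1. Put the JSP pages under the WEB-INF directory. Anything stored in this directory or its subdirectories is protected from direct access.

2. Use a servlet filter to filter requests for JSP pages.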

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class AdminsessionFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No initialization needed.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        // getRequestURI() is the raw, undecoded path from the request line,
        // so this is an exact, case-sensitive suffix match.
        String url = httpServletRequest.getRequestURI();
        if (url != null && url.endsWith(".jsp")) {
            // Direct request for a JSP: send the client to the home page instead.
            String contextPath = httpServletRequest.getContextPath();
            httpServletResponse.sendRedirect(contextPath + "/index.html");
            return;
        }
        // Anything else continues down the filter chain.
        chain.doFilter(httpServletRequest, httpServletResponse);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}

3. Use a security constraint in the deployment descriptor web.xml. The configuration is as follows:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>JSPs</web-resource-name>
        <!-- Deny direct access to all pages under the web folder -->
        <url-pattern>/web/*</url-pattern>
    </web-resource-collection>
    <!-- Empty auth-constraint: no role is authorized, so every direct request is denied -->
    <auth-constraint/>
</security-constraint>
<login-config>
    <!-- Authentication method (BASIC/FORM) -->
    <auth-method>BASIC</auth-method>
</login-config>
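
Method 1 leaves open how a page stored under WEB-INF is ever displayed: it can only be reached through a server-side forward. The servlet below is an added example, not code from the original article; the class name, the /page/* mapping and the JSP paths are assumptions, and it uses the same javax.servlet API as the filter in method 2.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical front servlet: the only route to JSPs stored under WEB-INF.
@WebServlet("/page/*")
public class ViewDispatcherServlet extends HttpServlet {

    // Fixed allow-list of public names -> JSP files (paths are assumptions).
    // The forward target is never built from request data.
    private static final Map<String, String> VIEWS = new HashMap<>();
    static {
        VIEWS.put("/home", "/WEB-INF/jsp/home.jsp");
        VIEWS.put("/profile", "/WEB-INF/jsp/profile.jsp");
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getPathInfo() is the part after /page, or null for a bare /page request.
        String name = request.getPathInfo();
        String view = (name == null) ? null : VIEWS.get(name);
        if (view == null) {
            // Unknown name: do not reveal which JSP files exist.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Server-side forward: the container allows it into WEB-INF, while a
        // direct client request for /WEB-INF/jsp/home.jsp is refused.
        request.getRequestDispatcher(view).forward(request, response);
    }
}
```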