今天用ssh2寫了個簡單的系統(tǒng),發(fā)現(xiàn)了一個問題,我這系統(tǒng)必須先登錄成功才能進入主頁,但我在瀏覽器里直接輸入主頁地址,發(fā)現(xiàn)也能進入,這個肯定不好,毫無安全性可言,后經(jīng)查資料發(fā)現(xiàn)需要登錄過濾器,就試了下,發(fā)現(xiàn)果然可以避免未經(jīng)登錄即可進入主頁的危險,下面是我整理出的詳細步驟:
1.首先寫一個權(quán)限過濾filter類,實現(xiàn)Filter接口
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class LoginFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { // TODO Auto-generated method stub } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // 獲得在下面代碼中要用的request,response,session對象 HttpServletRequest servletRequest = (HttpServletRequest) request; HttpServletResponse servletResponse = (HttpServletResponse) response; HttpSession session = servletRequest.getSession(); // 獲得用戶請求的URI String path = servletRequest.getRequestURI(); //System.out.println(path); // 從session里取員工工號信息 String empId = (String) session.getAttribute("empId"); /*創(chuàng)建類Constants.java,里面寫的是無需過濾的頁面 for (int i = 0; i < Constants.NoFilter_Pages.length; i++) { if (path.indexOf(Constants.NoFilter_Pages[i]) > -1) { chain.doFilter(servletRequest, servletResponse); return; } }*/ // 登陸頁面無需過濾 if(path.indexOf("/login.jsp") > -1) { chain.doFilter(servletRequest, servletResponse); return; } // 判斷如果沒有取到員工信息,就跳轉(zhuǎn)到登陸頁面 if (empId == null || "".equals(empId)) { // 跳轉(zhuǎn)到登陸頁面 servletResponse.sendRedirect("/JingXing_OA/login.jsp"); } else { // 已經(jīng)登陸,繼續(xù)此次請求 chain.doFilter(request, response); } } @Override public void destroy() { // TODO Auto-generated method stub }} |
2.然后在web.xml里配置需要登陸權(quán)限驗證的JSP文件:
a.如果是某個具體的JSP文件(如a.jsp)需要登陸驗證
|
1
2
3
4
5
6
7
8
9
|
<!-- 配置登陸過濾器 --><filter> <filter-name>login</filter-name> <filter-class>com.jingxing.oa.filter.LoginFilter</filter-class> </filter> <filter-mapping> <filter-name>login</filter-name> <url-pattern>/*</url-pattern></filter-mapping> |
b.如果是某一個目錄(如a/目錄)整個目錄下的文件都需要登陸驗證:
|
1
2
3
4
5
6
7
8
9
|
<!-- 配置登陸過濾器 --> <filter> <filter-name>login</filter-name> <filter-class>com.jingxing.oa.filter.LoginFilter</filter-class> </filter> <filter-mapping> <filter-name>login</filter-name> <url-pattern>/a/*</url-pattern> </filter-mapping> |
以上所述是小編給大家介紹的Java web過濾器驗證登錄防止未登錄進入界面,希望對大家有所幫助,如果大家有任何疑問請給我留言,小編會及時回復(fù)大家的。在此也非常感謝大家對服務(wù)器之家網(wǎng)站的支持!
原文鏈接:http://blog.csdn.net/kpchen_0508/article/details/41088827
