<% //防止直接输入URL访问页面,但是不能防止从其他的地方连接过来 //加到JSP页面里面 String c="Please input your name and password!Thank you!"; String ComeUrl = ""; ComeUrl = request.getHeader("REFERER");//取得上一级页面的RUL if (ComeUrl == null) { response.sendRedirect("index.jsp?c="+c); }%>
//Filter可以彻底防止直接输入URL访问页面和从其他地方连接//1。首先在登陆页面要把SESSION传递给ActionFilter //往ActionFilter里传递一个session值 HttpSession session=request.getSession(); session.setAttribute("username", "123");
//2。还要在配置文件里面加入<filter> <filter-name>right</filter-name> <filter-class>com.insert.ActionFilter</filter-class> </filter> <filter-mapping> <filter-name>right</filter-name> <url-pattern>/index1.jsp</url-pattern> //需要防止那些文件就加入那些JSP文件 </filter-mapping>
//3。ActionFilter类package com.insert;import javax.servlet.Filter;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.FilterChain;import java.io.IOException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpSession;import javax.servlet.http.HttpServletResponse;
public class ActionFilterimplements Filter {public void init(FilterConfig filterConfig) throws ServletException{}public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) request;HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(true);//从session里取的用户名信息String username = (String) session.getAttribute("username");//判断如果没有取到用户信息,就跳转到登陆页面if (username == null || "".equals(username)){ //跳转到登陆页面 String c="Please input your name and password!Thank you!"; res.sendRedirect("index.jsp?errorurl="+c); }else{ //已经登陆,继续此次请求 chain.doFilter(request,response); } }
public void destroy() { }}