过滤器实现登录验证及拒绝直接输url访问网页
2014-06-18 09:56
package com.filter;
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
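/**
 * Servlet filter that redirects requests for protected JSP pages to the logout page
 * unless the caller holds a session with a non-empty {@code "username"} attribute.
 *
 * <p>Scope and limits a deployer should know about:
 * <ul>
 *   <li>Only paths containing {@code ".jsp"} are checked. Servlets and static files under
 *       the same URL mapping pass through unauthenticated; a deny-by-default rule with an
 *       explicit allow-list of public resources is the safer design.</li>
 *   <li>Exempt pages are matched against the container-resolved path (servlet path plus
 *       path info), by equality or path suffix. Matching a substring of the raw request
 *       URI would exempt any request that merely contains an exempt name, for instance
 *       inside a path parameter.</li>
 *   <li>The {@code Referer} test only discourages typing a URL directly into the address
 *       bar. The header is supplied by the client and is often absent for legitimate
 *       requests, so the session check is the actual access control.</li>
 * </ul>
 */
public class authfilter implements Filter {
    /** Login page; a path ending with this value is never session-checked. */
    public static final String login_page = "/login.jsp";
    /** Context-relative page that rejected requests are redirected to; never session-checked. */
    public static final String logout_page = "/administrator/public/logout.jsp";
    /** File names of further pages that must stay reachable without a session. */
    public static final String[] except_page = {"logincheck.jsp"};

    @Override
    public void destroy() {
    }

    /**
     * Lets the request continue down the chain, or redirects it to {@link #logout_page}
     * when a protected JSP is requested without a logged-in session or without a Referer.
     *
     * @param servletrequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletresponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterchain     remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletrequest, ServletResponse servletresponse,
            FilterChain filterchain) throws IOException, ServletException {
        // Header and session access need the HTTP-specific request and response types.
        HttpServletRequest request = (HttpServletRequest) servletrequest;
        HttpServletResponse response = (HttpServletResponse) servletresponse;

        // Use the path the container resolved (decoded, context path and path parameters
        // removed) rather than the raw request URI, so the checks below see the same
        // resource the container is about to serve.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }

        if (path.contains(".jsp") && !isExempt(path)) {
            // getSession(false): never create a session for an unauthenticated caller.
            HttpSession session = request.getSession(false);
            Object username = (session == null) ? null : session.getAttribute("username");
            boolean loggedIn = username != null && !username.equals("");

            // Client-controlled header: a navigation hint, not proof of anything.
            String ref = request.getHeader("referer");
            boolean hasReferer = ref != null && !ref.equals("");

            if (!loggedIn || !hasReferer) {
                response.sendRedirect(request.getContextPath() + logout_page);
                return;
            }
        }

        // Continue with the rest of the filter chain.
        filterchain.doFilter(request, response);
    }

    /**
     * Reports whether {@code path} is one of the pages that must be reachable without a
     * session. Skipping the check for the login and logout pages also prevents a
     * redirect loop.
     */
    private static boolean isExempt(String path) {
        if (path.equals(logout_page) || path.endsWith(login_page)) {
            return true;
        }
        for (String page : except_page) {
            // Whole-file-name match: the name must follow a path separator.
            if (path.endsWith("/" + page)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}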
-------------------------------------------------------------------------------------------------------
web.xml中设置如下:
<!-- login check begin -->
<!-- Registers com.filter.authfilter and applies it to every request path under /administrator/.
     Requests outside that prefix never pass through the filter. With no <dispatcher> element the
     mapping covers client requests only, so pages reached through a server-side forward or
     include are not re-checked by the filter. -->
<filter>
<filter-name>authfilter</filter-name>
<filter-class>com.filter.authfilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authfilter</filter-name>
<url-pattern>/administrator/*</url-pattern>
</filter-mapping>
<!-- login check end-->
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
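/**
 * Servlet filter that redirects requests for protected JSP pages to the logout page
 * unless the caller holds a session with a non-empty {@code "username"} attribute.
 *
 * <p>Scope and limits a deployer should know about:
 * <ul>
 *   <li>Only paths containing {@code ".jsp"} are checked. Servlets and static files under
 *       the same URL mapping pass through unauthenticated; a deny-by-default rule with an
 *       explicit allow-list of public resources is the safer design.</li>
 *   <li>Exempt pages are matched against the container-resolved path (servlet path plus
 *       path info), by equality or path suffix. Matching a substring of the raw request
 *       URI would exempt any request that merely contains an exempt name, for instance
 *       inside a path parameter.</li>
 *   <li>The {@code Referer} test only discourages typing a URL directly into the address
 *       bar. The header is supplied by the client and is often absent for legitimate
 *       requests, so the session check is the actual access control.</li>
 * </ul>
 */
public class authfilter implements Filter {
    /** Login page; a path ending with this value is never session-checked. */
    public static final String login_page = "/login.jsp";
    /** Context-relative page that rejected requests are redirected to; never session-checked. */
    public static final String logout_page = "/administrator/public/logout.jsp";
    /** File names of further pages that must stay reachable without a session. */
    public static final String[] except_page = {"logincheck.jsp"};

    @Override
    public void destroy() {
    }

    /**
     * Lets the request continue down the chain, or redirects it to {@link #logout_page}
     * when a protected JSP is requested without a logged-in session or without a Referer.
     *
     * @param servletrequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletresponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterchain     remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletrequest, ServletResponse servletresponse,
            FilterChain filterchain) throws IOException, ServletException {
        // Header and session access need the HTTP-specific request and response types.
        HttpServletRequest request = (HttpServletRequest) servletrequest;
        HttpServletResponse response = (HttpServletResponse) servletresponse;

        // Use the path the container resolved (decoded, context path and path parameters
        // removed) rather than the raw request URI, so the checks below see the same
        // resource the container is about to serve.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }

        if (path.contains(".jsp") && !isExempt(path)) {
            // getSession(false): never create a session for an unauthenticated caller.
            HttpSession session = request.getSession(false);
            Object username = (session == null) ? null : session.getAttribute("username");
            boolean loggedIn = username != null && !username.equals("");

            // Client-controlled header: a navigation hint, not proof of anything.
            String ref = request.getHeader("referer");
            boolean hasReferer = ref != null && !ref.equals("");

            if (!loggedIn || !hasReferer) {
                response.sendRedirect(request.getContextPath() + logout_page);
                return;
            }
        }

        // Continue with the rest of the filter chain.
        filterchain.doFilter(request, response);
    }

    /**
     * Reports whether {@code path} is one of the pages that must be reachable without a
     * session. Skipping the check for the login and logout pages also prevents a
     * redirect loop.
     */
    private static boolean isExempt(String path) {
        if (path.equals(logout_page) || path.endsWith(login_page)) {
            return true;
        }
        for (String page : except_page) {
            // Whole-file-name match: the name must follow a path separator.
            if (path.endsWith("/" + page)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}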
-------------------------------------------------------------------------------------------------------
web.xml中设置如下:
<!-- login check begin -->
<!-- Registers com.filter.authfilter and applies it to every request path under /administrator/.
     Requests outside that prefix never pass through the filter. With no <dispatcher> element the
     mapping covers client requests only, so pages reached through a server-side forward or
     include are not re-checked by the filter. -->
<filter>
<filter-name>authfilter</filter-name>
<filter-class>com.filter.authfilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authfilter</filter-name>
<url-pattern>/administrator/*</url-pattern>
</filter-mapping>
<!-- login check end-->