public class LoginFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest servletrequest,
ServletResponse servletresponse, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) servletrequest;
HttpServletResponse res = (HttpServletResponse) servletresponse;
HttpSession session = req.getSession();
String path = req.getRequestURI();
if (path.indexOf("login.jsp") == -1
&& session.getAttribute("user_name") == null) {
res.sendRedirect("login.jsp");
} else {
chain.doFilter(req, res);
}
}
public void init(FilterConfig filterConfig) throws ServletException {
}
}配置文件<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>cn.equip.util.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/main.jsp</url-pattern>
</filter-mapping>
介绍一下:main.jsp <%@ page language="java" pageEncoding="gbk"%><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=GB18030">
<title></title> </head> <frameset rows="80,650*" cols="*" frameborder="NO" border="0"
framespacing="0">
<frame src="head.html" name="topFrame" frameborder="no" scrolling="NO"
noresize marginwidth="0" marginheight="0">
<frameset cols="171,836*" frameborder="NO" border="0" framespacing="0"
rows="*" name="workaround">
<frameset rows="15,*" cols="*" framespacing="0" frameborder="NO"
border="0">
<frame src="hidden_left_frame.html" name="topFrame1"
frameborder="no" scrolling="no" noresize>
<frame name="leftFrame" noresize scrolling="NO" src="menu.html"
frameborder=NO marginwidth="0" marginheight="0">
</frameset>
<frameset rows="15,*" cols="*" framespacing="0" frameborder="no"
border="0">
<frame src="toolbar.jsp" name="toolBar" frameborder="no"
scrolling="no" noresize marginwidth="0" marginheight="0"
id="toolBar">
<!--
<frameset rows="*,50" cols="*" framespacing="0" frameborder="NO" border="0" >
-->
<frame name="main" src="about.html" marginWidth=0 scrolling="yes"
marginheight="0" noresize>
<!--
<frame src="statusbar.html" name="bottomFrame" scrolling="NO" noresize>
</frameset>
-->
</frameset>
</frameset>
</frameset>
<noframes>
<body bgcolor="#FFFFFF"> </body>
</noframes>
</html>
也就是若是main.JSP 则可以url非法登录,其它不可以这个框架结构的页面,咋就不行呢
public void destroy() {
}
public void doFilter(ServletRequest servletrequest,
ServletResponse servletresponse, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) servletrequest;
HttpServletResponse res = (HttpServletResponse) servletresponse;
HttpSession session = req.getSession();
String path = req.getRequestURI();
if (path.indexOf("login.jsp") == -1
&& session.getAttribute("user_name") == null) {
res.sendRedirect("login.jsp");
} else {
chain.doFilter(req, res);
}
}
public void init(FilterConfig filterConfig) throws ServletException {
}
}配置文件<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>cn.equip.util.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/main.jsp</url-pattern>
</filter-mapping>
介绍一下:main.jsp <%@ page language="java" pageEncoding="gbk"%><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=GB18030">
<title></title> </head> <frameset rows="80,650*" cols="*" frameborder="NO" border="0"
framespacing="0">
<frame src="head.html" name="topFrame" frameborder="no" scrolling="NO"
noresize marginwidth="0" marginheight="0">
<frameset cols="171,836*" frameborder="NO" border="0" framespacing="0"
rows="*" name="workaround">
<frameset rows="15,*" cols="*" framespacing="0" frameborder="NO"
border="0">
<frame src="hidden_left_frame.html" name="topFrame1"
frameborder="no" scrolling="no" noresize>
<frame name="leftFrame" noresize scrolling="NO" src="menu.html"
frameborder=NO marginwidth="0" marginheight="0">
</frameset>
<frameset rows="15,*" cols="*" framespacing="0" frameborder="no"
border="0">
<frame src="toolbar.jsp" name="toolBar" frameborder="no"
scrolling="no" noresize marginwidth="0" marginheight="0"
id="toolBar">
<!--
<frameset rows="*,50" cols="*" framespacing="0" frameborder="NO" border="0" >
-->
<frame name="main" src="about.html" marginWidth=0 scrolling="yes"
marginheight="0" noresize>
<!--
<frame src="statusbar.html" name="bottomFrame" scrolling="NO" noresize>
</frameset>
-->
</frameset>
</frameset>
</frameset>
<noframes>
<body bgcolor="#FFFFFF"> </body>
</noframes>
</html>
也就是若是main.JSP 则可以url非法登录,其它不可以这个框架结构的页面,咋就不行呢
之后打印或者调试一下,看看path值是什么?