//登陆过滤器
public class LoginFilter implements Filter { protected FilterConfig filterConfig;
protected String encodingName;
protected boolean enable; public LoginFilter() {
encodingName = "GBK";
enable = false;
} // 初始化
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
} // 每个请求设置编码
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
request.setCharacterEncoding("GBK"); HttpServletRequest httprequest = (HttpServletRequest) request;
HttpServletResponse httpresponse = (HttpServletResponse) response;
HttpSession session = httprequest.getSession();
ActingAdminUser user=new ActingAdminUser();
RequestDispatcher dispatcher=request.getRequestDispatcher("/login.jsp");
System.out.println(dispatcher);
System.out.println(httprequest.getServletPath());
try { //获得在session中所记录的isLogin属性,该属性由登录部分的代码写入
user = (ActingAdminUser) session.getAttribute("user");
if (user!=null||httprequest.getServletPath().startsWith("/adminUser.do")||httprequest.getServletPath().startsWith("/login.jsp")) //验证成功,继续处理
{
chain.doFilter(request, response);
} else //验证不成功,让用户登录。
{
dispatcher.forward(httprequest, httpresponse);
}
} catch (Exception e) {
e.printStackTrace();
}
}当在地址栏输入http://localhost:8080/项目/adminUser.do?pare=toAdminInfo&id=52的时候可以看到id为52的用户的详细,我的登陆界面的登陆按钮是执行adminUser.do?pare=login方法,无形间就给那个漏洞开了绿色通道了,但是我不给adminUser.do通过的话,登陆功能就无法实现,怎么办?怎么补救啊登陆功能不可能再写到别的action了
String type = request.getParameter("pare");
if(type.equals("login")){
执行登录的逻辑。
}else if(type.equals("toAdminInfo") && checkUserPower()){
显示信息的逻辑。
}
)