SSH做的简单的留言系统中有如下地址
http://localhost:8888/yqia/findDetail.action?ID=16
如果有人直接在地址栏输入id,就可以直接到指定的页面
我想把后面的ID隐藏掉,或者加密成其他字符串,用UrlRewriteFilter可以实现么?或者有什么其他的方法可以对url进行加密
我用UrlRewriteFilter实现的方法是:
在urlrewrite.xml配置文件中添加规则:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
"http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
<!--
Configuration file for UrlRewriteFilter
http://tuckey.org/urlrewrite/
-->
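<urlrewrite>
    <!--
      Maps the short URL /yqia/<digits>.html onto the Struts action that loads one record.

      NOTE(review): a rewrite rule only changes what the URL looks like. Whoever can request
      /yqia/16.html can equally request /yqia/17.html, or call findDetail.action?ID=17
      directly, so hiding or encoding the ID is not an access control. The findDetail action
      itself has to check that the current user is allowed to read the requested record.

      NOTE(review): by default UrlRewriteFilter matches <from> and forwards <to> relative to
      the web application's context path. If /yqia is the context path (the
      http://localhost:8888/yqia/... URL suggests so), drop the /yqia prefix from <from> and
      use /findDetail.action?ID=$1 as <to>. The /../ segment in <to> is kept as posted;
      confirm both against the deployment.
    -->
    <rule>
        <!-- Anchored, with the dot escaped, so only an all-digit name ending in ".html" matches. -->
        <from>^/yqia/([0-9]+)\.html$</from>
        <!-- $1 is the digit group captured by <from>; without it the action receives an empty ID. -->
        <to>/../yqia/findDetail.action?ID=$1</to>
    </rule>
</urlrewrite>
web.xml中配置如下: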
<!-- Declares the UrlRewriteFilter servlet filter (rules are read from urlrewrite.xml). -->
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<!--
  Applies the filter to every request path.
  NOTE(review): filters run in the order of their filter-mapping elements, so this mapping
  presumably has to appear before the Struts filter mapping; the Struts mapping also needs
  the FORWARD dispatcher for a forwarded rewrite target to reach the action. The Struts
  mapping is not shown here, so confirm both.
-->
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
可是还是实现不了,不知道是不是有什么配置没有配好,我的那个通过ID查找的JSP代码是:
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>问题库管理</title>
<link type="text/css" rel="stylesheet"
href="${pageContext.request.contextPath}/admin/css/css.css"></link>
<script type="text/javascript" charset="utf-8"
src="${pageContext.request.contextPath}/admin/js/checkbox.js"></script>
</head> <body onload="getCheckboxNum()">
<jsp:include page="head.jsp"></jsp:include>
<br />
<%--
  Summary line: questionNum[0], [2] and [1] are printed as the total, solved and pending counts.
  NOTE(review): two elements share the id oTotalUnRead; ids should be unique, but they are kept
  as posted because scripts or styles outside this page may depend on them.
--%>
<div class="gTitle">
  <b class="mTT">问题库</b> (共
  <b id="oTotal">${questionNum[0]}</b> 个问题,其中
  <a title="" href="findRespondQuestion.action">已解决</a>
  <b class="" id="oTotalUnRead">${questionNum[2]}</b> 个,
  <a title="" href="findUnRespondQuestion.action">待解决</a>
  <b class="fnt_Red" id="oTotalUnRead">${questionNum[1]}</b> 个)
</div>
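<%--
  Question list: one row per entry of questionList, with a selection checkbox, the asker,
  a solved/unsolved icon, the title linking to the detail view, the post time and the
  per-row actions.
--%>
<form name="checkboxform" action="#" method="post">
  <table id="table" cellspacing="0">
    <tr>
      <th width="15" scope="col">
      </th>
      <th width="96" scope="col">
        提问者
      </th>
      <th width="15" scope="col"></th>
      <th width="329" scope="col">
        标题
      </th>
      <th width="202" scope="col">
        提问时间
      </th>
      <th width="140" scope="col">
        操作
      </th>
    </tr>
    <c:forEach items="${questionList}" var="question" varStatus="stauts">
      <tr>
        <td class="td_class">
          <%-- Names stay C1..Cn; checkbox.js presumably looks the boxes up by that name (confirm). --%>
          <input type="checkbox" name="C${stauts.index+1}" value="${question.id}" />
        </td>
        <td class="td_class">
          <%--
            EL written straight into template text is not HTML-escaped. Asker and title are
            presumably visitor-supplied on a message board, so they go through c:out, which
            escapes markup characters by default.
          --%>
          <c:out value="${question.asker}" />
        </td>
        <td class="td_class">
          <c:if test="${question.state==1}">
            <img src="${pageContext.request.contextPath}/admin/images/1.png"
                 title="已解决" alt="已解决" />
          </c:if>
          <c:if test="${question.state==0}">
            <img src="${pageContext.request.contextPath}/admin/images/0.png"
                 title="未解决" alt="未解决" />
          </c:if>
        </td>
        <td class="td_class">
          <%--
            NOTE(review): the record ID in these links is an identifier, not a secret. Hiding
            or encoding it does not stop anyone from requesting another ID; findDetail,
            findQusetion and deleteQuestion must each verify server-side that the current
            user may act on the requested record.
          --%>
          <a href="findDetail?ID=${question.id}"><c:out value="${question.title}" /></a>
        </td>
        <td class="td_class">
          ${question.posttime }
        </td>
        <%--
          The closing td used to sit inside the two c:if bodies, so a row whose state was
          neither 0 nor 1 left the cell unclosed; the cell is now closed unconditionally.
          NOTE(review): delete is triggered by a plain GET link. A state-changing action
          should be a POST protected by an anti-forgery token; that needs a matching change
          in the action, so the link is left as posted.
        --%>
        <td class="td_class">
          <a href="deleteQuestion.action?ID=${question.id }"
             onclick="return confirm('确定删除?')">删除</a>
          <c:if test="${question.state==1}">
            <a href="findQusetion.action?ID=${question.id}">修改</a>
          </c:if>
          <c:if test="${question.state==0}">
            <a href="findDetail?ID=${question.id}">回答</a>
          </c:if>
        </td>
      </tr>
    </c:forEach>
  </table>
</form>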
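<%-- Bulk-selection links and the pager for the question list. --%>
<div id="table_nav">
  <div id="select">
    选择:
    <a href="javascript:checkAll()">全选</a> -
    <a href="javascript:uncheckAll()">全不选</a> -
    <a href="javascript:switchAll()">反选</a>
    <B color="red"> <a href="javascript:deleteAll()">删除</a> </B>
  </div>
  <div id="page">
    第${currentPage}页/共${totalPage}页
    <%--
      Pager: real links where the target page exists, plain text otherwise.
      The first/previous links now use the same findAllQuestion.action URL as the
      next/last links and the jump script, instead of the extension-less form.
    --%>
    <c:if test="${currentPage > 1}">
      [<a
        href="${pageContext.request.contextPath}/findAllQuestion.action?page=1">首页</a> ]
      [<a
        href="${pageContext.request.contextPath}/findAllQuestion.action?page=${currentPage-1}">上一页</a> ]
    </c:if>
    <c:if test="${currentPage <= 1}">
      [ 首页 ]
      [ 上一页 ]
    </c:if>
    <c:if test="${currentPage < totalPage}">
      [ <a
        href="${pageContext.request.contextPath}/findAllQuestion.action?page=${currentPage+1}">下一页</a> ]
      [ <a
        href="${pageContext.request.contextPath}/findAllQuestion.action?page=${totalPage}">末页</a> ]
    </c:if>
    <c:if test="${currentPage >= totalPage}">
      [ 下一页 ]
      [ 末页 ]
    </c:if>
    <%-- Client-side jump to a page number. --%>
    <script>
      // Navigate to the page number held by a form control (text box or select).
      // Returns false when the value is rejected; returns nothing otherwise.
      function jumpPage(input) {
        var current = ${currentPage};
        var last = ${totalPage};
        var raw = String(input.value).replace(/^\s+|\s+$/g, "");
        // Accept plain decimal digits only: isNaN() also lets values such as
        // "1.5", "1e2" or "0x10" through, and those ended up in the URL.
        if (!/^[0-9]+$/.test(raw)) {
          alert("页码只能是数字");
          input.value = current;
          return false;
        }
        var page = parseInt(raw, 10);
        // Already on that page: nothing to do.
        if (page == current) {
          return;
        }
        // Reject page numbers outside 1..last.
        if (page < 1 || page > last) {
          alert("页码不存在");
          input.value = current;
          return false;
        }
        // This check is a convenience only; the server must validate the page parameter itself.
        var newUrl = "${pageContext.request.contextPath}/findAllQuestion.action?page=" + page;
        document.location = newUrl;
      }
    </script>
    转到
    <!-- SELECT listing every page, with the current page preselected -->
    <select onchange='jumpPage(this);'>
      <c:forEach var="i" begin="1" end="${totalPage}">
        <option value="${i}"
          <c:if test="${currentPage == i}">
            selected
          </c:if>>
          第${i}页
        </option>
      </c:forEach>
    </select>
    输入页码:
    <input type="text" value="${currentPage}" id="jumpPageBox" size="3">
    <input type="button" value="跳转"
           onclick="jumpPage(document.getElementById('jumpPageBox'))">
  </div>
</div>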
<br>
<br>
<br>
<!-- 加载footer页面 -->
<jsp:include page="../footer.html"></jsp:include>
</body>
</html>就是里面的<a href="findDetail?ID=${question.id}"></a>暴露了ID
请教大家有什么办法?
http://localhost:8888/yqia/findDetail.action?ID=16
如果有人直接在地址栏输入id,就可以直接到指定的页面
我想把后面的ID隐藏掉,或者加密成其他字符串,用UrlRewriteFilter可以实现么?或者有什么其他的方法可以对url进行加密
我用UrlRewriteFilter实现的方法是:
在urlrewrite.xml配置文件中添加规则:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
"http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
<!--
Configuration file for UrlRewriteFilter
http://tuckey.org/urlrewrite/
-->
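<urlrewrite>
    <!--
      Maps the short URL /yqia/<digits>.html onto the Struts action that loads one record.

      NOTE(review): a rewrite rule only changes what the URL looks like. Whoever can request
      /yqia/16.html can equally request /yqia/17.html, or call findDetail.action?ID=17
      directly, so hiding or encoding the ID is not an access control. The findDetail action
      itself has to check that the current user is allowed to read the requested record.

      NOTE(review): by default UrlRewriteFilter matches <from> and forwards <to> relative to
      the web application's context path. If /yqia is the context path (the
      http://localhost:8888/yqia/... URL suggests so), drop the /yqia prefix from <from> and
      use /findDetail.action?ID=$1 as <to>. The /../ segment in <to> is kept as posted;
      confirm both against the deployment.
    -->
    <rule>
        <!-- Anchored, with the dot escaped, so only an all-digit name ending in ".html" matches. -->
        <from>^/yqia/([0-9]+)\.html$</from>
        <!-- $1 is the digit group captured by <from>; without it the action receives an empty ID. -->
        <to>/../yqia/findDetail.action?ID=$1</to>
    </rule>
</urlrewrite>
web.xml中配置如下: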
<!-- Declares the UrlRewriteFilter servlet filter (rules are read from urlrewrite.xml). -->
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<!--
  Applies the filter to every request path.
  NOTE(review): filters run in the order of their filter-mapping elements, so this mapping
  presumably has to appear before the Struts filter mapping; the Struts mapping also needs
  the FORWARD dispatcher for a forwarded rewrite target to reach the action. The Struts
  mapping is not shown here, so confirm both.
-->
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
可是还是实现不了,不知道是不是有什么配置没有配好,我的那个通过ID查找的JSP代码是:
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>问题库管理</title>
<link type="text/css" rel="stylesheet"
href="${pageContext.request.contextPath}/admin/css/css.css"></link>
<script type="text/javascript" charset="utf-8"
src="${pageContext.request.contextPath}/admin/js/checkbox.js"></script>
</head> <body onload="getCheckboxNum()">
<jsp:include page="head.jsp"></jsp:include>
<br />
<%--
  Summary line: questionNum[0], [2] and [1] are printed as the total, solved and pending counts.
  NOTE(review): two elements share the id oTotalUnRead; ids should be unique, but they are kept
  as posted because scripts or styles outside this page may depend on them.
--%>
<div class="gTitle">
  <b class="mTT">问题库</b> (共
  <b id="oTotal">${questionNum[0]}</b> 个问题,其中
  <a title="" href="findRespondQuestion.action">已解决</a>
  <b class="" id="oTotalUnRead">${questionNum[2]}</b> 个,
  <a title="" href="findUnRespondQuestion.action">待解决</a>
  <b class="fnt_Red" id="oTotalUnRead">${questionNum[1]}</b> 个)
</div>
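<%--
  Question list: one row per entry of questionList, with a selection checkbox, the asker,
  a solved/unsolved icon, the title linking to the detail view, the post time and the
  per-row actions.
--%>
<form name="checkboxform" action="#" method="post">
  <table id="table" cellspacing="0">
    <tr>
      <th width="15" scope="col">
      </th>
      <th width="96" scope="col">
        提问者
      </th>
      <th width="15" scope="col"></th>
      <th width="329" scope="col">
        标题
      </th>
      <th width="202" scope="col">
        提问时间
      </th>
      <th width="140" scope="col">
        操作
      </th>
    </tr>
    <c:forEach items="${questionList}" var="question" varStatus="stauts">
      <tr>
        <td class="td_class">
          <%-- Names stay C1..Cn; checkbox.js presumably looks the boxes up by that name (confirm). --%>
          <input type="checkbox" name="C${stauts.index+1}" value="${question.id}" />
        </td>
        <td class="td_class">
          <%--
            EL written straight into template text is not HTML-escaped. Asker and title are
            presumably visitor-supplied on a message board, so they go through c:out, which
            escapes markup characters by default.
          --%>
          <c:out value="${question.asker}" />
        </td>
        <td class="td_class">
          <c:if test="${question.state==1}">
            <img src="${pageContext.request.contextPath}/admin/images/1.png"
                 title="已解决" alt="已解决" />
          </c:if>
          <c:if test="${question.state==0}">
            <img src="${pageContext.request.contextPath}/admin/images/0.png"
                 title="未解决" alt="未解决" />
          </c:if>
        </td>
        <td class="td_class">
          <%--
            NOTE(review): the record ID in these links is an identifier, not a secret. Hiding
            or encoding it does not stop anyone from requesting another ID; findDetail,
            findQusetion and deleteQuestion must each verify server-side that the current
            user may act on the requested record.
          --%>
          <a href="findDetail?ID=${question.id}"><c:out value="${question.title}" /></a>
        </td>
        <td class="td_class">
          ${question.posttime }
        </td>
        <%--
          The closing td used to sit inside the two c:if bodies, so a row whose state was
          neither 0 nor 1 left the cell unclosed; the cell is now closed unconditionally.
          NOTE(review): delete is triggered by a plain GET link. A state-changing action
          should be a POST protected by an anti-forgery token; that needs a matching change
          in the action, so the link is left as posted.
        --%>
        <td class="td_class">
          <a href="deleteQuestion.action?ID=${question.id }"
             onclick="return confirm('确定删除?')">删除</a>
          <c:if test="${question.state==1}">
            <a href="findQusetion.action?ID=${question.id}">修改</a>
          </c:if>
          <c:if test="${question.state==0}">
            <a href="findDetail?ID=${question.id}">回答</a>
          </c:if>
        </td>
      </tr>
    </c:forEach>
  </table>
</form>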
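<%-- Bulk-selection links and the pager for the question list. --%>
<div id="table_nav">
  <div id="select">
    选择:
    <a href="javascript:checkAll()">全选</a> -
    <a href="javascript:uncheckAll()">全不选</a> -
    <a href="javascript:switchAll()">反选</a>
    <B color="red"> <a href="javascript:deleteAll()">删除</a> </B>
  </div>
  <div id="page">
    第${currentPage}页/共${totalPage}页
    <%--
      Pager: real links where the target page exists, plain text otherwise.
      The first/previous links now use the same findAllQuestion.action URL as the
      next/last links and the jump script, instead of the extension-less form.
    --%>
    <c:if test="${currentPage > 1}">
      [<a
        href="${pageContext.request.contextPath}/findAllQuestion.action?page=1">首页</a> ]
      [<a
        href="${pageContext.request.contextPath}/findAllQuestion.action?page=${currentPage-1}">上一页</a> ]
    </c:if>
    <c:if test="${currentPage <= 1}">
      [ 首页 ]
      [ 上一页 ]
    </c:if>
    <c:if test="${currentPage < totalPage}">
      [ <a
        href="${pageContext.request.contextPath}/findAllQuestion.action?page=${currentPage+1}">下一页</a> ]
      [ <a
        href="${pageContext.request.contextPath}/findAllQuestion.action?page=${totalPage}">末页</a> ]
    </c:if>
    <c:if test="${currentPage >= totalPage}">
      [ 下一页 ]
      [ 末页 ]
    </c:if>
    <%-- Client-side jump to a page number. --%>
    <script>
      // Navigate to the page number held by a form control (text box or select).
      // Returns false when the value is rejected; returns nothing otherwise.
      function jumpPage(input) {
        var current = ${currentPage};
        var last = ${totalPage};
        var raw = String(input.value).replace(/^\s+|\s+$/g, "");
        // Accept plain decimal digits only: isNaN() also lets values such as
        // "1.5", "1e2" or "0x10" through, and those ended up in the URL.
        if (!/^[0-9]+$/.test(raw)) {
          alert("页码只能是数字");
          input.value = current;
          return false;
        }
        var page = parseInt(raw, 10);
        // Already on that page: nothing to do.
        if (page == current) {
          return;
        }
        // Reject page numbers outside 1..last.
        if (page < 1 || page > last) {
          alert("页码不存在");
          input.value = current;
          return false;
        }
        // This check is a convenience only; the server must validate the page parameter itself.
        var newUrl = "${pageContext.request.contextPath}/findAllQuestion.action?page=" + page;
        document.location = newUrl;
      }
    </script>
    转到
    <!-- SELECT listing every page, with the current page preselected -->
    <select onchange='jumpPage(this);'>
      <c:forEach var="i" begin="1" end="${totalPage}">
        <option value="${i}"
          <c:if test="${currentPage == i}">
            selected
          </c:if>>
          第${i}页
        </option>
      </c:forEach>
    </select>
    输入页码:
    <input type="text" value="${currentPage}" id="jumpPageBox" size="3">
    <input type="button" value="跳转"
           onclick="jumpPage(document.getElementById('jumpPageBox'))">
  </div>
</div>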
<br>
<br>
<br>
<!-- 加载footer页面 -->
<jsp:include page="../footer.html"></jsp:include>
</body>
</html>就是里面的<a href="findDetail?ID=${question.id}"></a>暴露了ID
请教大家有什么办法?