我已经设置了过滤器,能够防止除了 login.jsp 之外的所有 *.jsp 页面在未登录的情况下被非法访问,但这几天突然发现,通过类似 http://localhost:8080/TuShu/queryall.action?pageNow=1 的地址,在未登录的情况下也能非法访问。请问这要怎么解决?

解决方案 »

  1.   


       <filter>
               <filter-name>SessionFilter</filter-name>
               <filter-class>net.pms.web.filter.SessionFilter</filter-class>
         </filter>
          <filter-mapping>
               <filter-name>SessionFilter</filter-name>
               <url-pattern>/*</url-pattern>//这个地方改一下
         </filter-mapping>  试试吧,记得是这样的。
      

  2.   

     <url-pattern>里面改什么呢
      

  3.   

    net.pms.web.filter.SessionFilter
    这个没有啊,要自己写的,写什么呢?
      

  4.   

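    package com.xf.filter;

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;

    import com.opensymphony.xwork2.ActionContext;

    /**
     * Servlet filter that sends requests without a logged-in session to the login page.
     *
     * <p>A request counts as logged in when its session holds a non-null {@code "name"}
     * attribute. Any other request is forwarded to {@code /login.jsp} unless the requested
     * path is one of the public pages.
     *
     * <p>Deployment note: the container calls filters in the order of their
     * {@code <filter-mapping>} entries in web.xml. This filter has to be mapped ahead of the
     * Struts 2 filter; when Struts comes first it serves {@code *.action} requests itself and
     * this check is never reached for them.
     */
    public class LoginFilter implements Filter {
        private FilterConfig config;

        /** Drops the reference to the filter configuration. */
        @Override
        public void destroy() {
            this.config = null;
        }

        /**
         * Lets the request through when the caller is logged in or asks for a public page,
         * and forwards it to the login page otherwise.
         *
         * @param arg0 the incoming request; cast to {@link HttpServletRequest}
         * @param arg1 the response handed on to the chain or to the login page
         * @param arg2 the remaining filter chain
         * @throws IOException if the forward or the rest of the chain fails with an I/O error
         * @throws ServletException if the forward or the rest of the chain fails
         */
        @Override
        public void doFilter(ServletRequest arg0, ServletResponse arg1,
                FilterChain arg2) throws IOException, ServletException {
            HttpServletRequest hsr = (HttpServletRequest) arg0;
            String requestPath = hsr.getServletPath();
            System.out.println("当前地址为:"+requestPath);

            // getSession(false): do not allocate a server-side session merely to find out
            // that an anonymous caller does not have one.
            HttpSession session = hsr.getSession(false);
            boolean loggedIn = session != null && session.getAttribute("name") != null;

            if (!loggedIn && !isPublicPath(requestPath)) {
                arg0.setAttribute("illegallogin","您还没登陆!");
                arg0.getRequestDispatcher("/login.jsp").forward(arg0, arg1);
                return;
            }
            arg2.doFilter(arg0, arg1);
        }

        /** Keeps the configuration the container passes in at start-up. */
        @Override
        public void init(FilterConfig arg0) throws ServletException {
            this.config = arg0;
        }

        /**
         * Tells whether a servlet path may be requested without being logged in.
         *
         * <p>Paths are compared exactly rather than by suffix, so that a resource elsewhere
         * in the application whose path merely ends in {@code /login.jsp} is not exempted too.
         */
        private static boolean isPublicPath(String path) {
            // Assumes login.jsp and signin.jsp both sit at the context root - adjust if not.
            // NOTE(review): once this filter runs ahead of Struts 2, the action that processes
            // the login form has to be listed here as well, otherwise nobody can log in; its
            // path is not shown on the page.
            return "/login.jsp".equals(path) || "/signin.jsp".equals(path);
        }
    }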
      

  5.   

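    package com.xf.filter;

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;

    import com.opensymphony.xwork2.ActionContext;

    /**
     * Servlet filter that sends requests without a logged-in session to the login page.
     *
     * <p>A request counts as logged in when its session holds a non-null {@code "name"}
     * attribute. Any other request is forwarded to {@code /login.jsp} unless the requested
     * path is one of the public pages.
     *
     * <p>Deployment note: the container calls filters in the order of their
     * {@code <filter-mapping>} entries in web.xml. This filter has to be mapped ahead of the
     * Struts 2 filter; when Struts comes first it serves {@code *.action} requests itself and
     * this check is never reached for them.
     */
    public class LoginFilter implements Filter {
        private FilterConfig config;

        /** Drops the reference to the filter configuration. */
        @Override
        public void destroy() {
            this.config = null;
        }

        /**
         * Lets the request through when the caller is logged in or asks for a public page,
         * and forwards it to the login page otherwise.
         *
         * @param arg0 the incoming request; cast to {@link HttpServletRequest}
         * @param arg1 the response handed on to the chain or to the login page
         * @param arg2 the remaining filter chain
         * @throws IOException if the forward or the rest of the chain fails with an I/O error
         * @throws ServletException if the forward or the rest of the chain fails
         */
        @Override
        public void doFilter(ServletRequest arg0, ServletResponse arg1,
                FilterChain arg2) throws IOException, ServletException {
            HttpServletRequest hsr = (HttpServletRequest) arg0;
            String requestPath = hsr.getServletPath();
            System.out.println("当前地址为:"+requestPath);

            // getSession(false): do not allocate a server-side session merely to find out
            // that an anonymous caller does not have one.
            HttpSession session = hsr.getSession(false);
            boolean loggedIn = session != null && session.getAttribute("name") != null;

            if (!loggedIn && !isPublicPath(requestPath)) {
                arg0.setAttribute("illegallogin","您还没登陆!");
                arg0.getRequestDispatcher("/login.jsp").forward(arg0, arg1);
                return;
            }
            arg2.doFilter(arg0, arg1);
        }

        /** Keeps the configuration the container passes in at start-up. */
        @Override
        public void init(FilterConfig arg0) throws ServletException {
            this.config = arg0;
        }

        /**
         * Tells whether a servlet path may be requested without being logged in.
         *
         * <p>Paths are compared exactly rather than by suffix, so that a resource elsewhere
         * in the application whose path merely ends in {@code /login.jsp} is not exempted too.
         */
        private static boolean isPublicPath(String path) {
            // Assumes login.jsp and signin.jsp both sit at the context root - adjust if not.
            // NOTE(review): once this filter runs ahead of Struts 2, the action that processes
            // the login form has to be listed here as well, otherwise nobody can log in; its
            // path is not shown on the page.
            return "/login.jsp".equals(path) || "/signin.jsp".equals(path);
        }
    }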
      

  6.   

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- Deployment descriptor with three filters (struts2, loginIllegal, encoding), each mapped to /*. -->
    <web-app id="WebApp_9" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">    <display-name>Struts Blank</display-name>    <filter>
            <filter-name>struts2</filter-name>
            <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
        </filter>    <filter-mapping>
            <filter-name>struts2</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
      
      <!-- NOTE(review): the container runs filters in the order their <filter-mapping>
           elements appear. loginIllegal is mapped after struts2 here, and FilterDispatcher
           serves *.action requests itself instead of passing them down the chain, so the
           login check is only reached for requests Struts does not handle (such as JSPs).
           Map loginIllegal ahead of struts2 so that it guards actions as well; the filter
           then has to let the login action itself through. -->
      <filter>
      <filter-name>loginIllegal</filter-name>
      <filter-class>com.xf.filter.LoginFilter</filter-class>
      </filter>
     
      <filter-mapping>
      <filter-name>loginIllegal</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>
     
      <!-- NOTE(review): this filter is also mapped after struts2, so for the same reason
           it is presumably not applied to *.action requests either; confirm. -->
      <filter> 
    <filter-name>encoding</filter-name> 
    <filter-class>com.xf.filter.ByteFilter</filter-class> 
    <init-param> 
    <param-name>charset</param-name> 
    <param-value>gb2312</param-value> 
    </init-param> 
    </filter> 

    <filter-mapping> 
    <filter-name>encoding</filter-name> 
    <url-pattern>/*</url-pattern> 
    </filter-mapping>  <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
      </welcome-file-list>
    </web-app>
      

  7.   

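    把 struts2 和 loginIllegal 的配置信息调换一下,
    让 loginIllegal 排在最前面,试试。过滤器是按 web.xml 中 <filter-mapping> 出现的先后顺序执行的,struts2 的 FilterDispatcher 排在前面时会直接处理 .action 请求而不再往后传递,所以 loginIllegal 对这些请求根本不会执行。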
      

  8.   

    filter过滤器,写一个filter类在进行判定,如果没有登录直接跳到登录页面,具体用法去网上查
      

  9.   

    是不是按原来的写法,可以过滤所有jsp,并且可以正常登陆;
    调整配置信息后,无法正常登陆?
      

  10.   

    按你原来的顺序,在
    <filter-mapping>
             <filter-name>loginIllegal</filter-name>
             <url-pattern>/*</url-pattern>
         </filter-mapping>
    之后增加 

       <!-- NOTE(review): a servlet url-pattern accepts a wildcard only as a trailing "/*"
            or a leading "*."; "/*.action" is matched as a literal path, and the existing
            "/*" mapping already covers *.action requests. Whether the login check runs
            for actions depends on the order of the filter mappings, not on this pattern. -->
       <filter-mapping>
             <filter-name>loginIllegal</filter-name>
             <url-pattern>/*.action</url-pattern>
         </filter-mapping>