我已经设置了过滤器,能够防止除了login.jsp之外的所有*.jsp页面在未登录的情况下非法登录,但刚这几天突然发现通过类似http://localhost:8080/TuShu/queryall.action?pageNow=1的地址在未登录情况下也能非法访问,请问这要怎么解决啊
解决方案 »
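<!-- Example from the reply. net.pms.web.filter.SessionFilter appears to be the replier's own
     class, not a library class; the application must supply its own javax.servlet.Filter
     that checks the session. -->
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>net.pms.web.filter.SessionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<!-- change this part; "/*" is a path mapping that matches every request, *.action included -->
<url-pattern>/*</url-pattern>
</filter-mapping>
试试吧,记得是这样的。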
这个没有啊,要自己写的,写什么呢?
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
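import javax.servlet.http.HttpSession;
import com.opensymphony.xwork2.ActionContext;
// Filter and IOException are used below but were not imported in the posted listing.
import java.io.IOException;
import javax.servlet.Filter;

/**
 * Servlet filter that lets a request through only when the session carries the
 * {@code "name"} attribute, i.e. the visitor has logged in. Everything else is
 * forwarded to {@code /login.jsp}.
 *
 * <p>Deployment note: filters run in the order of their {@code <filter-mapping>}
 * elements in web.xml. The Struts 2 dispatcher filter serves {@code *.action}
 * requests itself instead of passing them down the chain, so this filter has to
 * be mapped <em>before</em> it; mapped after it, action URLs are never checked.
 *
 * <p>Once the filter really covers action URLs, the action that processes the
 * login form has to stay reachable without a session. List such paths in the
 * optional {@code publicPaths} init-param (name introduced by this revision;
 * comma-separated exact servlet paths). Without the init-param the filter
 * exempts only login.jsp and signin.jsp, as before.
 */
public class LoginFilter implements Filter {

    /** Session attribute that is set only after a successful login. */
    private static final String LOGIN_ATTRIBUTE = "name";

    /** Page that anonymous visitors are forwarded to. */
    private static final String LOGIN_PAGE = "/login.jsp";

    /** Optional init-param holding extra paths that need no login. */
    private static final String PUBLIC_PATHS_PARAM = "publicPaths";

    private FilterConfig config;

    /** Exact servlet paths reachable without a login; empty unless configured. */
    private String[] publicPaths = new String[0];

    @Override
    public void destroy() {
        this.config = null;
    }

    /**
     * Passes the request on when the visitor is logged in or the path is public,
     * otherwise forwards to the login page with the {@code illegallogin} message.
     *
     * @param arg0 incoming request; expected to be an {@link HttpServletRequest}
     * @param arg1 response handed to the rest of the chain or to the login page
     * @param arg2 remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1,
            FilterChain arg2) throws IOException, ServletException {
        HttpServletRequest hsr = (HttpServletRequest) arg0;
        String requestPath = hsr.getServletPath();
        System.out.println("当前地址为:" + requestPath);

        // getSession(false): an anonymous request must not allocate a server-side
        // session just to be rejected; a missing session simply means "not logged in".
        HttpSession session = hsr.getSession(false);
        boolean loggedIn = session != null
                && session.getAttribute(LOGIN_ATTRIBUTE) != null;

        if (loggedIn || isPublicPath(requestPath)) {
            arg2.doFilter(arg0, arg1);
            return;
        }

        arg0.setAttribute("illegallogin", "您还没登陆!");
        arg0.getRequestDispatcher(LOGIN_PAGE).forward(arg0, arg1);
    }

    /**
     * Stores the configuration and reads the optional list of public paths.
     *
     * @param arg0 filter configuration supplied by the container
     * @throws ServletException never thrown here; declared by the interface
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        this.config = arg0;
        String configured = arg0.getInitParameter(PUBLIC_PATHS_PARAM);
        if (configured == null || configured.trim().length() == 0) {
            this.publicPaths = new String[0];
            return;
        }
        String[] parts = configured.split(",");
        for (int i = 0; i < parts.length; i++) {
            parts[i] = parts[i].trim();
        }
        this.publicPaths = parts;
    }

    /** Tells whether the path may be served without a logged-in session. */
    private boolean isPublicPath(String requestPath) {
        if (requestPath.endsWith("/login.jsp") || requestPath.endsWith("/signin.jsp")) {
            return true;
        }
        // Configured entries are compared exactly so that a listed path cannot
        // accidentally open up other URLs that merely share a suffix.
        for (int i = 0; i < publicPaths.length; i++) {
            if (publicPaths[i].length() > 0 && publicPaths[i].equals(requestPath)) {
                return true;
            }
        }
        return false;
    }
}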
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
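import javax.servlet.http.HttpSession;
import com.opensymphony.xwork2.ActionContext;
// Filter and IOException are used below but were not imported in the posted listing.
import java.io.IOException;
import javax.servlet.Filter;

/**
 * Servlet filter that lets a request through only when the session carries the
 * {@code "name"} attribute, i.e. the visitor has logged in. Everything else is
 * forwarded to {@code /login.jsp}.
 *
 * <p>Deployment note: filters run in the order of their {@code <filter-mapping>}
 * elements in web.xml. The Struts 2 dispatcher filter serves {@code *.action}
 * requests itself instead of passing them down the chain, so this filter has to
 * be mapped <em>before</em> it; mapped after it, action URLs are never checked.
 *
 * <p>Once the filter really covers action URLs, the action that processes the
 * login form has to stay reachable without a session. List such paths in the
 * optional {@code publicPaths} init-param (name introduced by this revision;
 * comma-separated exact servlet paths). Without the init-param the filter
 * exempts only login.jsp and signin.jsp, as before.
 */
public class LoginFilter implements Filter {

    /** Session attribute that is set only after a successful login. */
    private static final String LOGIN_ATTRIBUTE = "name";

    /** Page that anonymous visitors are forwarded to. */
    private static final String LOGIN_PAGE = "/login.jsp";

    /** Optional init-param holding extra paths that need no login. */
    private static final String PUBLIC_PATHS_PARAM = "publicPaths";

    private FilterConfig config;

    /** Exact servlet paths reachable without a login; empty unless configured. */
    private String[] publicPaths = new String[0];

    @Override
    public void destroy() {
        this.config = null;
    }

    /**
     * Passes the request on when the visitor is logged in or the path is public,
     * otherwise forwards to the login page with the {@code illegallogin} message.
     *
     * @param arg0 incoming request; expected to be an {@link HttpServletRequest}
     * @param arg1 response handed to the rest of the chain or to the login page
     * @param arg2 remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1,
            FilterChain arg2) throws IOException, ServletException {
        HttpServletRequest hsr = (HttpServletRequest) arg0;
        String requestPath = hsr.getServletPath();
        System.out.println("当前地址为:" + requestPath);

        // getSession(false): an anonymous request must not allocate a server-side
        // session just to be rejected; a missing session simply means "not logged in".
        HttpSession session = hsr.getSession(false);
        boolean loggedIn = session != null
                && session.getAttribute(LOGIN_ATTRIBUTE) != null;

        if (loggedIn || isPublicPath(requestPath)) {
            arg2.doFilter(arg0, arg1);
            return;
        }

        arg0.setAttribute("illegallogin", "您还没登陆!");
        arg0.getRequestDispatcher(LOGIN_PAGE).forward(arg0, arg1);
    }

    /**
     * Stores the configuration and reads the optional list of public paths.
     *
     * @param arg0 filter configuration supplied by the container
     * @throws ServletException never thrown here; declared by the interface
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        this.config = arg0;
        String configured = arg0.getInitParameter(PUBLIC_PATHS_PARAM);
        if (configured == null || configured.trim().length() == 0) {
            this.publicPaths = new String[0];
            return;
        }
        String[] parts = configured.split(",");
        for (int i = 0; i < parts.length; i++) {
            parts[i] = parts[i].trim();
        }
        this.publicPaths = parts;
    }

    /** Tells whether the path may be served without a logged-in session. */
    private boolean isPublicPath(String requestPath) {
        if (requestPath.endsWith("/login.jsp") || requestPath.endsWith("/signin.jsp")) {
            return true;
        }
        // Configured entries are compared exactly so that a listed path cannot
        // accidentally open up other URLs that merely share a suffix.
        for (int i = 0; i < publicPaths.length; i++) {
            if (publicPaths[i].length() > 0 && publicPaths[i].equals(requestPath)) {
                return true;
            }
        }
        return false;
    }
}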
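<web-app id="WebApp_9" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name>Struts Blank</display-name>

  <!-- The login check is declared and mapped FIRST. Filters matching a request run in the
       order of their filter-mapping elements, and the Struts 2 dispatcher serves *.action
       requests itself instead of handing them down the chain. In the posted descriptor
       struts2 was mapped ahead of loginIllegal, so URLs such as queryall.action were
       answered without the session check ever running. -->
  <filter>
    <filter-name>loginIllegal</filter-name>
    <filter-class>com.xf.filter.LoginFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>loginIllegal</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- With this order every action goes through LoginFilter, including the one that
       processes the login form. LoginFilter must let that action through for anonymous
       visitors, otherwise nobody can log in any more. -->

  <filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- NOTE(review): the same ordering rule applies here. Mapped after struts2, this filter
       is presumably not run for *.action requests either; confirm what ByteFilter does and
       move it above struts2 if it is meant to apply to actions. -->
  <filter>
    <filter-name>encoding</filter-name>
    <filter-class>com.xf.filter.ByteFilter</filter-class>
    <init-param>
      <param-name>charset</param-name>
      <param-value>gb2312</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>encoding</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
  </welcome-file-list>
</web-app>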
loginIllegal在最前面,试试。
调整配置信息后,无法正常登陆?
<!-- Existing mapping: "/*" is a path mapping and already matches every request URL,
     *.action included. -->
<filter-mapping>
<filter-name>loginIllegal</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
之后增加
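<!-- An extension mapping is written "*.action". The posted "/*.action" is neither a path
     mapping nor an extension mapping, so the servlet spec treats it as an exact match on
     that literal string and it would not cover any action URL.
     Even in the correct form this mapping adds nothing that "/*" does not already cover.
     What decides whether actions are checked is that loginIllegal is mapped before the
     struts2 filter. -->
<filter-mapping>
<filter-name>loginIllegal</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>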