1.把JSP页面放在WEB-INF目录下,存放在此目录或者它的子目录里的任何东西都受到了保护,今天小编就来说说关于jsp用户访问流程?下面更多详细答案一起来看看吧!
jsp用户访问流程
1.把JSP页面放在WEB-INF目录下,存放在此目录或者它的子目录里的任何东西都受到了保护。
2.使用servlet过滤器过滤对jsp页面的请求。
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.Writer;
public class AdminsessionFilter implements Filter {
@Override
public void init(FilterConfig filterConfig)throws ServletException {
}
@Override
public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain)
throws IOException,ServletException
{
HttpServletRequest httpServletRequest=(HttpServletRequest)request;
HttpServletResponse httpServletResponse=(HttpServletResponse)response;
String url =httpServletRequest.getRequestURI();
if(url!= null && url.endsWith(".jsp")){
String contextPath=httpServletRequest.getContextPath();
httpServletResponse.sendRedirect(contextPath "/index.html");
return;
}
chain.doFilter(httpServletRequest,httpServletResponse);
}
@Override
public void destroy(){
}
}
3.在部署文件web.xml中使用安全限制.配置如下:
<span style="mangin:8px;padding:epx;border:8px;font-size:18px;background:transparent;"><security-constraint>
<web-resource-collection>
<web-resource-name>JSPs</web-resource-name>
<url-pattern>/web/*</url-pattenn><!--拍绝直接访web文件夹下的所有页面--></web-resource-collection><auth-constraint/></security-constraint>
<login-config>
<auth-method>BASIC</auth-method><!--验证才式(BASIC/FORM)--></login-config></span>
