1.把JSP页面放在WEB-INF目录下,存放在此目录或者它的子目录里的任何东西都受到了保护,今天小编就来说说关于jsp用户访问流程?下面更多详细答案一起来看看吧!

jsp用户访问流程(禁止用户直接访问jsp页面的N种办法)

jsp用户访问流程

1.把JSP页面放在WEB-INF目录下,存放在此目录或者它的子目录里的任何东西都受到了保护。

2.使用servlet过滤器过滤对jsp页面的请求。

import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; import java.io.Writer; public class AdminsessionFilter implements Filter { @Override public void init(FilterConfig filterConfig)throws ServletException { } @Override public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws IOException,ServletException { HttpServletRequest httpServletRequest=(HttpServletRequest)request; HttpServletResponse httpServletResponse=(HttpServletResponse)response; String url =httpServletRequest.getRequestURI(); if(url!= null && url.endsWith(".jsp")){ String contextPath=httpServletRequest.getContextPath(); httpServletResponse.sendRedirect(contextPath "/index.html"); return; } chain.doFilter(httpServletRequest,httpServletResponse); } @Override public void destroy(){ } }

3.在部署文件web.xml中使用安全限制.配置如下:

<span style="mangin:8px;padding:epx;border:8px;font-size:18px;background:transparent;"><security-constraint> <web-resource-collection> <web-resource-name>JSPs</web-resource-name> <url-pattern>/web/*</url-pattenn><!--拍绝直接访web文件夹下的所有页面--></web-resource-collection><auth-constraint/></security-constraint> <login-config> <auth-method>BASIC</auth-method><!--验证才式(BASIC/FORM)--></login-config></span>

,