Use filter to disallow direct access to JSPs

Source: Internet
Author: User



One. Struts application

Struts, as a web MVC framework, separates view presentation from processing logic and reduces coupling: the interface view can be changed without recompiling the logic, and the logic can be restructured as business requirements change without modifying the view. Thanks to its flexible configuration and simple operation, it has been widely used in the industry. By configuring the struts.xml file, users can easily establish a mapping between views and models.

Example:

    <package name="student" namespace="/student" extends="struts-default">
        <action name="add" class="com.struts.action.Student" method="add">
            <result>/student_add.jsp</result>
        </action>
        <action name="add_test" class="com.struts.action.Student" method="add">
            <result>/student_add.jsp</result>
        </action>
    </package>

With struts.xml configured as above, when the user enters http://xxx/student/add in the browser address bar, the request reaches student_add.jsp. http://xxx/student/add_test also actually accesses student_add.jsp. Both go through the add method of com.struts.action.Student.

Two. Accessing JSPs

In a Struts application, JSPs are usually reached through an action. Struts provides many web elements to improve developer efficiency. Directly accessing a JSP that includes Struts web elements usually raises exceptions, such as an OGNL exception. Sometimes, for security reasons, users are also prevented from accessing JSPs directly.

There are several ways to disable direct user access to JSPs, and since the project uses Struts, we should implement it in a manner consistent with Struts.

Three. Filtering JSPs with a filter

We know that Struts intercepts client requests by means of a filter, and we can also define a custom filter to implement special filtering, such as filtering JSP requests. The syntax is as follows:

Filter definition, including the name and the actual processing class:

    <filter>
        <filter-name>URLfilter</filter-name>
        <filter-class>com.struts.filter.MyUrlFilter</filter-class>
    </filter>

Filter mapping definition, including the name and the URL pattern to intercept (a servlet name can also be used):

    <filter-mapping>
        <filter-name>URLfilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

The order in which filters appear in web.xml matters. A filter definition must be placed before its filter-mapping, and when several url-pattern entries match a request, the filters are applied in the order in which their filter-mapping elements appear. The filter that intercepts JSPs should therefore be placed before the Struts filter.

Consider the filter processing class below.

    package com.struts.filter;

    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class MyUrlFilter implements Filter {

        public void destroy() {
        }

        public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
                throws IOException, ServletException {
            System.out.println("My filter begin to ");
            // Convert to HttpServletRequest to get the address information,
            // the request parameters and the submitted data.
            HttpServletRequest httpReq = (HttpServletRequest) req;
            String url = httpReq.getRequestURI();
            if (url.endsWith(".jsp")) { // Check whether the URL ends with .jsp
                System.out.println(".jsp was filtered!");
                HttpServletResponse httpRes = (HttpServletResponse) res;
                System.out.println(httpReq.getContextPath());
                // Redirect to an action
                httpRes.sendRedirect(httpReq.getContextPath() + "/student/add/");
                return;
            } else {
                filterChain.doFilter(req, res);
            }
        }

        public void init(FilterConfig arg0) throws ServletException {
            System.out.println("Myfilter init!");
        }
    }

This way, all direct requests to JSPs are intercepted and redirected to an action, and the corresponding JSP or HTML resource is reached through the mapping between the action and the JSP.
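The filter's suffix check runs on the raw value of getRequestURI(), which is not percent-decoded and still carries path parameters, so a request that the container maps to a JSP does not always end in the literal ".jsp". The following is an added example, not code from the original page: a hypothetical helper class JspRequestCheck (the class name, method name and sample URIs are constructed here) that normalizes the URI before testing the suffix and could replace the endsWith call in the filter.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Locale;

public class JspRequestCheck {

    // Hypothetical helper: true when the raw request URI, normalized the way a
    // servlet container normalizes it before mapping, names a JSP page.
    static boolean isDirectJspRequest(String rawUri) {
        // 1. Remove path parameters (";jsessionid=..." and similar) per segment.
        String path = rawUri.replaceAll(";[^/]*", "");
        // 2. Decode percent-encoding once. URLDecoder treats '+' as a space,
        //    which is wrong for paths, so protect a literal '+' first.
        String decoded;
        try {
            decoded = URLDecoder.decode(path.replace("+", "%2B"), "UTF-8");
        } catch (IllegalArgumentException | UnsupportedEncodingException e) {
            return true; // malformed encoding: fail closed and treat as blocked
        }
        // 3. Compare case-insensitively and cover the .jspx extension as well.
        String lower = decoded.toLowerCase(Locale.ROOT);
        return lower.endsWith(".jsp") || lower.endsWith(".jspx");
    }

    public static void main(String[] args) {
        // Constructed sample request URIs, not taken from the original page.
        String[] samples = {
            "/app/student_add.jsp",
            "/app/student_add.jsp;jsessionid=ABC123",
            "/app/student_add%2Ejsp",
            "/app/student_add.JSP",
            "/app/student_add.jspx",
            "/app/student/add",
        };
        // Print the page's plain suffix check next to the normalized check.
        for (String uri : samples) {
            System.out.printf("%-42s endsWith=%-5b normalized=%b%n",
                    uri, uri.endsWith(".jsp"), isDirectJspRequest(uri));
        }
    }
}
```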


