Today I wrote a simple system with SSH2 and found a problem: the system is supposed to require a successful login before the home page can be reached, but when I typed the home page address directly into the browser I could still get in. That is certainly not good; there is no security to speak of. After searching, I found that a login filter is needed, so I tried one and found that it avoids the danger of entering the home page without logging in. Here are the detailed steps I've sorted out:
1. First, write a permission filter class that implements the Filter interface:
// Package name matches the filter-class configured in web.xml below
package com.jingxing.oa.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // TODO Auto-generated method stub
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Get the request, response and session objects used in the code below
        HttpServletRequest servletRequest = (HttpServletRequest) request;
        HttpServletResponse servletResponse = (HttpServletResponse) response;
        HttpSession session = servletRequest.getSession();

        // Get the URI of the user's request
        String path = servletRequest.getRequestURI();
        System.out.println(path);

        // Take the employee number from the session
        String empId = (String) session.getAttribute("EmpId");

        /* Create a class Constants.java that lists the pages that are not filtered
        for (int i = 0; i < Constants.NoFilter_Pages.length; i++) {
            if (path.indexOf(Constants.NoFilter_Pages[i]) > -1) {
                chain.doFilter(servletRequest, servletResponse);
                return;
            }
        }*/

        // The login page does not need to be filtered
        if (path.indexOf("/login.jsp") > -1) {
            chain.doFilter(servletRequest, servletResponse);
            return;
        }

        // If no employee information was found, redirect to the login page
        if (empId == null || "".equals(empId)) {
            // Redirect to the login page
            servletResponse.sendRedirect("/jingxing_oa/login.jsp");
        } else {
            // Already logged in; continue this request
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }
}
2. Then configure in web.xml the JSP files that require login verification:
A. If a specific JSP file (such as a.jsp) requires login verification:
<!-- Configure the login filter -->
<filter>
    <filter-name>login</filter-name>
    <filter-class>com.jingxing.oa.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>login</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
B. If it is a directory (such as the a/ directory) and every file in the directory requires login verification:
<!-- Configure the login filter -->
<filter>
    <filter-name>login</filter-name>
    <filter-class>com.jingxing.oa.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>login</filter-name>
    <url-pattern>/a/*</url-pattern>
</filter-mapping>
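The filter in step 1 exempts any request whose raw URI merely contains the substring "/login.jsp", and it hard-codes the context path in the redirect. The following is an added example, not the original author's code, of the same filter with an exact-match allowlist; the class name StrictLoginFilter and the PUBLIC_PATHS set are assumptions, while the "EmpId" session attribute and /login.jsp come from the code above.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example, not the original author's code. Class and field names are hypothetical.
public class StrictLoginFilter implements Filter {

    // Assumed allowlist; plays the role of Constants.NoFilter_Pages in the original.
    private static final Set<String> PUBLIC_PATHS =
            new HashSet<>(Arrays.asList("/login.jsp"));

    @Override
    public void init(FilterConfig filterConfig) throws ServletException { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Path inside the web application, decoded by the container, without the
        // context path or query string. Anything that is not an exact allowlist
        // entry falls through to the session check, so the filter fails closed.
        String path = req.getServletPath();
        if (req.getPathInfo() != null) {
            path += req.getPathInfo();
        }
        if (PUBLIC_PATHS.contains(path)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false) does not create a session for anonymous requests.
        HttpSession session = req.getSession(false);
        Object empId = (session == null) ? null : session.getAttribute("EmpId");
        if (empId instanceof String && !((String) empId).isEmpty()) {
            chain.doFilter(request, response);   // logged in, continue the request
        } else {
            // Build the redirect from the deployed context path instead of hard-coding it.
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
        }
    }

    @Override
    public void destroy() { }
}
```

With the /* mapping, static resources that the login page loads (CSS, images, scripts) also pass through the filter and need their own entries in the allowlist.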
That concludes this introduction to using a Java Web filter to verify login and prevent pages from being reached without logging in. I hope it helps you; if you have any questions, please leave me a message and I will reply promptly. Thank you also for supporting the Cloud Habitat Community website!