Prevent users from directly accessing URL permission control (using filters)

This is the content of a filter,

[Java]
Public void dofilter (servletrequest request, servletresponse response,
Filterchain chain) throws ioexception, servletexception {
Httpservletrequest Req = (httpservletrequest) request;
Httpservletresponse resp = (httpservletresponse) response;
String constring = "";
Constring = req. getheader ("Referer"); // get the parent URL -- if it is not directly entered, it is the previously accessed page. If it is entered by the user, this parent URL does not exist.
If ("". Equals (constring) | null = constring) {// if the previous directory is empty, the user directly enters the URL for access.
String servletpath = Req. getservletpath (); // the current request URL, removing several pages that can be accessed directly.
If (servletpath. Contains ("index. jsp") | servletpath. Contains ("admin/login. jsp") {// skip index. jsp and log on to login. jsp
Chain. dofilter (request, response );
} Else {
Resp. sendredirect ("/ejuornal/index. jsp"); // jump back to the homepage
}
} Else {
Chain. dofilter (request, response );
}
}

Public void dofilter (servletrequest request, servletresponse response,
Filterchain chain) throws ioexception, servletexception {
Httpservletrequest Req = (httpservletrequest) request;
Httpservletresponse resp = (httpservletresponse) response;
String constring = "";
Constring = req. getheader ("Referer"); // get the parent URL -- if it is not directly entered, it is the previously accessed page. If it is entered by the user, this parent URL does not exist.
If ("". Equals (constring) | null = constring) {// if the previous directory is empty, the user directly enters the URL for access.
String servletpath = Req. getservletpath (); // the current request URL, removing several pages that can be accessed directly.
If (servletpath. Contains ("index. jsp") | servletpath. Contains ("admin/login. jsp") {// skip index. jsp and log on to login. jsp
Chain. dofilter (request, response );
} Else {
Resp. sendredirect ("/ejuornal/index. jsp"); // jump back to the homepage
}
} Else {
Chain. dofilter (request, response );
}
} The following is the configuration file of the filter.

[HTML]
<? XML version = "1.0" encoding = "UTF-8"?>
<Web-app xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance" xmlns = "http://java.sun.com/xml/ns/javaee" xmlns: Web = "http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi: schemalocation = "http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
Version = "2.5">
<Display-Name> </display-Name>
<Welcome-file-List>
<Welcome-File> index. jsp </welcome-File>
</Welcome-file-List>
<Filter>
<Filter-Name> filterpages </filter-Name>
<Filter-class> com. ejuornal. Filter. filterpages </filter-class>
</Filter>
<Filter-mapping>
<Filter-Name> filterpages </filter-Name>
<URL-pattern> *. jsp </url-pattern>
</Filter-mapping>
</Web-app>

<? XML version = "1.0" encoding = "UTF-8"?>
<Web-app xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance" xmlns = "http://java.sun.com/xml/ns/javaee" xmlns: Web = "http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi: schemalocation = "http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
Version = "2.5">
<Display-Name> </display-Name>
<Welcome-file-List>
<Welcome-File> index. jsp </welcome-File>
</Welcome-file-List>
<Filter>
<Filter-Name> filterpages </filter-Name>
<Filter-class> com. ejuornal. Filter. filterpages </filter-class>
</Filter>
<Filter-mapping>
<Filter-Name> filterpages </filter-Name>
<URL-pattern> *. jsp </url-pattern>
</Filter-mapping>
</Web-app> This will jump back to the home page when you directly enter the URL.

 

However, there are two issues that need attention. The usage of chain. dofilter (request, response); in the filter ---------- error is as follows:

[HTML]
Public void dofilter (servletrequest request, servletresponse response,
Filterchain chain) throws ioexception, servletexception {
Httpservletrequest Req = (httpservletrequest) request;
Httpservletresponse resp = (httpservletresponse) response;
String constring = "";
Constring = Req. getheader ("Referer"); // obtain the parent URL
If ("". Equals (constring) | null = constring ){
String servletpath = Req. getservletpath (); // the current request URL
If (servletpath. Contains ("index. jsp") | servletpath. Contains ("admin/login. jsp ")){
Chain. dofilter (request, response );
} Else {
Resp. sendredirect ("/ejuornal/index. jsp ");
}
}
<Span style = "color: # ff0000"> chain. dofilter (request, response); </span>
}

Public void dofilter (servletrequest request, servletresponse response,
Filterchain chain) throws ioexception, servletexception {
Httpservletrequest Req = (httpservletrequest) request;
Httpservletresponse resp = (httpservletresponse) response;
String constring = "";
Constring = Req. getheader ("Referer"); // obtain the parent URL
If ("". Equals (constring) | null = constring ){
String servletpath = Req. getservletpath (); // the current request URL
If (servletpath. Contains ("index. jsp") | servletpath. Contains ("admin/login. jsp ")){
Chain. dofilter (request, response );
} Else {
Resp. sendredirect ("/ejuornal/index. jsp ");
}
}
Chain. dofilter (request, response );
}
If this is done, it will be as follows:

 

 
 

Two pages overlap because two chains. dofilter (request, response); are executed.

That is to say, executing chain. dofilter (request, response); is the execution of a request.