標籤:after generate div rate path inf eth pat lte
spring mvc的攔截器只攔截controller不攔截jsp檔案,如果不攔截jsp檔案也會給系統帶安全性問題。
解決方案有兩種:
1、將所有的jsp檔案放入到WEB-INF檔案夾下,這樣使用者是直接不能訪問WEB-INF檔案下的jsp檔案的。spring mvc的理念也是通過controller裡的@RequestMapping來請求相關jsp頁面,而非使用者直接存取jsp頁面。
接下去寫相關的配置
在springmvc.xml中加入
<mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**"/>
<mvc:exclude-mapping path="/admin/login.do"/><!--排除攔截頁面--> <bean class="com.ms.controller.LoginInterceptor"></bean> </mvc:interceptor> </mvc:interceptors>
public class LoginInterceptor implements HandlerInterceptor { public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception { // TODO Auto-generated method stub } public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception { // TODO Auto-generated method stub } public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler) throws Exception { HttpSession session=req.getSession(); Object obj=session.getAttribute("userId"); if(obj==null||obj.toString().equals("")){ req.getRequestDispatcher("/admin/login.do").forward(req, res); return false; } return true; }}
在contoller層
@Controller@RequestMapping("/admin")public class AdminController { @RequestMapping("/login") public String login(){ return "/WEB-INF/jsp/admin/login.jsp"; }}
以上可以解決spring mvc攔截jsp頁面問題
2、還有一種解決方案:jsp如果不放在WEB-INF檔案下,spring mvc是無法攔截的,這種請情況下需要用最原始的servlet的Filter介面,具體可以參照
以下部落格不再贅述。
http://blog.csdn.net/lsx991947534/article/details/45499205
springmvc 攔截器,不攔截jsp檔案
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
