我正在使用Java / J2EE和JSF开发Web应用程序。我的应用程序包含几个页面,其中包含用户输入登录名和密码的登录页面。我的问题是,当我输入任何页面的网址时,我可以访问它而无需通过登录页面。怎么预防这个?
答案 0 :(得分:-1)
你给我的答案对我不起作用。我不得不重写init()方法:
public void init(FilterConfig filterConfig) throws ServletException {
String urls = filterConfig.getInitParameter("restrictedPages");
StringTokenizer token = new StringTokenizer(urls, ",");
ArrayList<String> urlList = new ArrayList<>();
while (token.hasMoreTokens()) {
urlList.add(token.nextToken());
}
}
我在网上添加了这些内容。 xml
<init-param>
<param-name>restrictedPages</param-name>
<param-value>/login.jsp</param-value>
</init-param>
我的doFilter方法是:
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false);
if (session == null || session.getAttribute("idCustomer") == null) {
response.sendRedirect("/login.jsp");
} else {
chain.doFilter(req, res);
}
}