当前页面: 开发资料首页 → JSP 专题 → 验证

验证

摘要: 验证

验证登陆正确后转到一个提示正确的页面然后把正确页满URL复制下在新打开的IE里输入直接还能到那个页面！怎么防止这方法！！！需要阻挡验证下吧。。。。。。。。。。。。请赐教

---

先设置session
然后建立过滤器去拦截未登陆用户

---

楼上的精辟啊
登陆成功以后对SESSION赋值
每个页面第一句就判断SESSION是否被赋值
没有的话说明非法访问了

---

过率器怎么建

---

登陆权限过滤器
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.FilterChain;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletResponse;

public class RightFilter
implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}

public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String username = (String) session.getAttribute("username");//从session里拿到用户名
if (username == null || "".equals(username)) {//验证是否登陆,如果没登陆跳到登陆页
res.sendRedirect("http://"+req.getHeader("Host")+"/login.jsp");
}
else {
chain.doFilter(request,response);
}
}

public void destroy() {
}
}

---

然后在web.xml里配置需要登陆过滤的页面:

right
com.taihuatalk.taihua.common.common.RightFilter