Filter对Frame网页不起做用?
Spring, Struts, Hibernate, Tomcat
前段问过一个限制用户直接访问网页的问题,朋友们都建议说用Filter最合理,于是尝式了一下,果然不错,可是碰到一个问题,是这样的:
首先,用户通过登陆JSP页登陆系统,在登陆处理的Struts Action里面,我会把一个属性设置到session对象里面,用于标记用户已经登陆:
======================================================
HttpSession session = request.getSession();
session.setAttribute( "adminlogin ", "entered ");
在Filter实现的类中,对此属性进行判断:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException
{
//获取web.xml中配置的转向页面
String deniedPage = filterConfig.getInitParameter( "deniedPage ");
//获取session中adminlogin的值,如果没有设置此值,返回为null,说明未登录
String adminState = (String) request.getAttribute( "adminlogin ");
if(adminState==null)
{
((HttpServletResponse)response).sendRedirect(deniedPage);
}
else
{
chain.doFilter(request, response);
}
}
==================================================================
上面的方法对于处理单页面的直接访问有很好的效果,可是当我开发一个多页Frame的页面JSP时出现问题,这个adminmain页面如下:
<%@ page contentType= "text/html; charset=UTF-8 " %>
<%@ taglib uri= "/tags/struts-bean " prefix= "bean " %>
<%@ taglib uri= "/tags/struts-logic " prefix= "logic " %>
<%@ taglib uri= "/tags/struts-html " prefix= "html " %>
<%@ taglib uri= "/tags/struts-nested " prefix= "nested " %>
<html>
<head>
<meta http-equiv= "Content-Type " content= "text/html; charset=UTF-8 "/>
<title> <bean:message key= "adminmainPage.title "/> </title>
<link href= "styles/project.css " rel= "stylesheet " type= "text/css ">
</head>
<frameset rows= "* " cols= "143,* " framespacing= "0 " frameborder= "NO " border= "0 ">
<frame src= "/project/dyn/admin/adminpanel.jsp " name= "leftFrame " scrolling= "No " noresize= "noresize " id= "leftFrame " title= "panel " />
<frame src= "/project/dyn/admin/adminworkspace.jsp " name= "mainFrame " id= "mainFrame " title= "workspace " />
</frameset>
<noframes>
<body>
</body>
</noframes>
</html>
在这个页面中左边Frame包含adminpanel.jsp,右边是adminworkspace.jsp.
当登陆成功后struts将view 转向adminmain.jsp,发现左边和右边都重新转向了登录的页面.这说明Filter判断从两个Frame包含的页面(frame src= "/project/dyn/admin/adminpanel.jsp, <frame src= "/project/dyn/admin/adminworkspace.jsp)没有经过登陆属于直接访问,于是都直接转回登陆界面了,请问大家是什么原因? 有什么办法可以避免?
附上web.xml中关于filter的配置:
<!--防止用户直接访问JSP页面的过滤器(管理模块)-->
<filter>
<filter-name> AdminDirectAccessFilter </filter-name>
<display-name> AdminDirectAccessFilter </display-name>
<description> AdminDirectAccessFilter </description>
<filter-class> com.dmaple.ezlife.web.filters.AdminDirectAccessFilter </filter-class>
<init-param>
<param-name> deniedPage </param-name>
<param-value> /project/dyn/adminlogin.jsp </param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name> AdminDirectAccessFilter </filter-name>
<url-pattern> /dyn/admin/* </url-pattern> <!--/dyn/admin/目录下所有文件访问必须经过登陆后才能访问-->
</filter-mapping>
多谢!
[解决办法]
mark,这个问题好像你关了浏览器再开才算?你关了ie重新打开,应该就不会有这问题了.要不你可能访问的是历史记录的缘故,我也见过.
[解决办法]
adminmain在哪个目录
[解决办法]
还真没遇到过
你把
<frame src= "/project/dyn/admin/adminworkspace.jsp "
的project去掉
或把
<url-pattern> /dyn/admin/* </url-pattern>
这加上project试试