
应用Filter过滤器控制统一编码和防止非法URL进入

2012-12-20 
使用Filter过滤器控制统一编码和防止非法URL进入。示例代码位于包 com.tongtech.bjvsp.sysmng.filter 中，如下所示。

使用Filter过滤器控制统一编码和防止非法URL进入
package com.tongtech.bjvsp.sysmng.filter;  
 
import java.io.IOException;  
import java.io.PrintWriter;  
 
import javax.servlet.Filter;  
import javax.servlet.FilterChain;  
import javax.servlet.FilterConfig;  
import javax.servlet.ServletException;  
import javax.servlet.ServletRequest;  
import javax.servlet.ServletResponse;  
import javax.servlet.http.HttpServlet;  
import javax.servlet.http.HttpServletRequest;  
import javax.servlet.http.HttpServletResponse;  
 
import com.tongtech.bjvsp.sysmng.constant.ConstantServlet;  
 
public class EncodingFilter extends HttpServlet implements Filter {  
    private FilterConfig filterConfig;  
 
    // Handle the passed-in FilterConfig  
    /**
     * Stores the filter configuration handed to this filter at initialisation.
     *
     * @param filterConfig configuration object supplied to the filter
     * @throws ServletException declared by the Filter contract; this body does not throw it
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        // Kept so doFilter can reach the ServletContext for logging.
        this.filterConfig = filterConfig;
    }
 
    // Process the request/response pair  
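    /**
     * Applies GBK request encoding and turns away page requests that carry no logged-in session.
     *
     * <p>A request is passed down the chain when its URI contains neither ".jsp" nor ".do", when
     * it contains "login.jsp" or "login.do", or when the session holds a "UserWraper" attribute.
     * Every other request receives a small script that points {@code window.parent.parent} at
     * login.jsp instead of the requested page.
     *
     * @param request incoming request; cast to HttpServletRequest
     * @param response outgoing response; cast to HttpServletResponse
     * @param filterChain remaining filters and the target resource
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) {
        try {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpResponse = (HttpServletResponse) response;

            // Both outcomes need the same request encoding, so set it once up front.
            request.setCharacterEncoding("GBK");

            String uriStr = httpRequest.getRequestURI();

            // NOTE(review): the login gate below rests on substring tests against the raw
            // request URI. Any URI that merely contains "login.jsp" or "login.do" is treated
            // as the login page, and URIs containing neither ".jsp" nor ".do" are never
            // checked. Exact matching on a container-normalized path, plus server-side
            // checks in the protected resources themselves, would be a sturdier control.
            boolean isPage = uriStr.indexOf(".jsp") != -1 || uriStr.indexOf(".do") != -1;
            boolean isLoginPage = uriStr.indexOf("login.jsp") != -1
                    || uriStr.indexOf("login.do") != -1;

            boolean isValid = true;
            if (isPage && !isLoginPage) {
                // getSession(false) does not allocate a new session for anonymous requests;
                // a missing session is treated the same as a session without a user.
                javax.servlet.http.HttpSession session = httpRequest.getSession(false);
                isValid = session != null && session.getAttribute("UserWraper") != null;
            }

            if (isValid) {
                filterChain.doFilter(request, response);
            } else {
                // Declare the body as HTML so the script below is interpreted as markup.
                httpResponse.setContentType("text/html; charset=GBK");
                PrintWriter out = httpResponse.getWriter();
                // NOTE(review): both targets are relative, so the page reached depends on
                // the directory depth of the requested URI — confirm against the app layout.
                if (uriStr.indexOf("index.jsp") == -1) {
                    out.write("<script>window.parent.parent.location.href='../../login.jsp'</script>");
                } else {
                    out.write("<script>window.parent.parent.location.href='../login.jsp'</script>");
                }
            }
        } catch (ServletException sx) {
            // Logged rather than rethrown because this override declares no checked
            // exceptions; the throwable is passed along so the stack trace is kept.
            filterConfig.getServletContext().log("EncodingFilter: " + sx.getMessage(), sx);
        } catch (IOException iox) {
            filterConfig.getServletContext().log("EncodingFilter: " + iox.getMessage(), iox);
        }
    }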
 
    // Clean up resources  
    /** Lifecycle hook called when the filter is taken out of service; performs no cleanup. */
    public void destroy() {
        // Intentionally empty.
    }


package com.tongtech.bjvsp.sysmng.filter;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.tongtech.bjvsp.sysmng.constant.ConstantServlet;

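/**
 * Servlet filter that sets GBK request encoding and redirects page requests without a
 * logged-in session to login.jsp.
 *
 * <p>NOTE(review): the class also extends HttpServlet although only the Filter methods are
 * implemented here; the superclass is kept so the declared type hierarchy is unchanged.
 */
public class EncodingFilter extends HttpServlet implements Filter {
    // Configuration stored by init(); used by doFilter to reach the ServletContext log.
    private FilterConfig filterConfig;

    /**
     * Stores the filter configuration handed to this filter at initialisation.
     *
     * @param filterConfig configuration object supplied to the filter
     * @throws ServletException declared by the Filter contract; this body does not throw it
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Applies GBK request encoding and turns away page requests that carry no logged-in session.
     *
     * <p>A request is passed down the chain when its URI contains neither ".jsp" nor ".do", when
     * it contains "login.jsp" or "login.do", or when the session holds a "UserWraper" attribute.
     * Every other request receives a small script that points {@code window.parent.parent} at
     * login.jsp instead of the requested page.
     *
     * @param request incoming request; cast to HttpServletRequest
     * @param response outgoing response; cast to HttpServletResponse
     * @param filterChain remaining filters and the target resource
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) {
        try {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpResponse = (HttpServletResponse) response;

            // Both outcomes need the same request encoding, so set it once up front.
            request.setCharacterEncoding("GBK");

            String uriStr = httpRequest.getRequestURI();

            // NOTE(review): the login gate below rests on substring tests against the raw
            // request URI. Any URI that merely contains "login.jsp" or "login.do" is treated
            // as the login page, and URIs containing neither ".jsp" nor ".do" are never
            // checked. Exact matching on a container-normalized path, plus server-side
            // checks in the protected resources themselves, would be a sturdier control.
            boolean isPage = uriStr.indexOf(".jsp") != -1 || uriStr.indexOf(".do") != -1;
            boolean isLoginPage = uriStr.indexOf("login.jsp") != -1
                    || uriStr.indexOf("login.do") != -1;

            boolean isValid = true;
            if (isPage && !isLoginPage) {
                // getSession(false) does not allocate a new session for anonymous requests;
                // a missing session is treated the same as a session without a user.
                javax.servlet.http.HttpSession session = httpRequest.getSession(false);
                isValid = session != null && session.getAttribute("UserWraper") != null;
            }

            if (isValid) {
                filterChain.doFilter(request, response);
            } else {
                // Declare the body as HTML so the script below is interpreted as markup.
                httpResponse.setContentType("text/html; charset=GBK");
                PrintWriter out = httpResponse.getWriter();
                // NOTE(review): both targets are relative, so the page reached depends on
                // the directory depth of the requested URI — confirm against the app layout.
                if (uriStr.indexOf("index.jsp") == -1) {
                    out.write("<script>window.parent.parent.location.href='../../login.jsp'</script>");
                } else {
                    out.write("<script>window.parent.parent.location.href='../login.jsp'</script>");
                }
            }
        } catch (ServletException sx) {
            // Logged rather than rethrown because this override declares no checked
            // exceptions; the throwable is passed along so the stack trace is kept.
            filterConfig.getServletContext().log("EncodingFilter: " + sx.getMessage(), sx);
        } catch (IOException iox) {
            filterConfig.getServletContext().log("EncodingFilter: " + iox.getMessage(), iox);
        }
    }

    /** Lifecycle hook called when the filter is taken out of service; performs no cleanup. */
    public void destroy() {
    }
}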


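out.write 中的脚本用于控制页面跳转：当用户未登录或 Session 已过期、却通过地址栏直接访问应用 URL 时，页面会被转到 login.jsp。
注意：该过滤器只按 URI 中是否包含 ".jsp"、".do"、"login.jsp"、"login.do" 等子串来决定是否放行，这种匹配比较宽松，不宜作为唯一的访问控制手段，受保护的资源自身仍应在服务端校验登录状态。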

web.xml配置
XML代码
<!-- Registers EncodingFilter under the name "encodingfilter" and maps it to /*, so every
     request to the application passes through its doFilter method. -->
<filter>  
    <filter-name>encodingfilter</filter-name>  
    <filter-class>com.tongtech.bjvsp.sysmng.filter.EncodingFilter</filter-class>  
  </filter>  
  <filter-mapping>  
    <filter-name>encodingfilter</filter-name>  
    <url-pattern>/*</url-pattern>  
  </filter-mapping> 


问题：跳转地址建议改用 window.top.location.href = 【login.jsp的绝对路径】，以免相对路径随请求所在的目录层级不同而失效。

