Question
I'm using Struts 1.3 for my application and all JSP pages are forwarded through the controller (action class). But if I access the JSP page directly, I'm able to access it. How do I prevent this?
Answer 1:
Put all your JSPs inside the WEB-INF folder (for example in the WEB-INF/jsp folder) and don't forget to change your mapping regarding the location of the JSPs.
Answer 2:
Filters are used to bypass or interrupt the requests, so use the filters to restrict the request if it does not contain .do in the URL. Below is a good tutorial for filters:
Filters
Answer 3:
I think the best option would be to put your web pages in the WEB-INF folder - that way they won't be directly accessible but then in your servlets you can have something like:
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ControllerServlet extends HttpServlet {

    /**
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        String userPath = request.getServletPath();

        // if category page is requested
        if (userPath.equals("/category")) {
            // TODO: Implement category request

        // if cart page is requested
        } else if (userPath.equals("/viewCart")) {
            // TODO: Implement cart page request
            userPath = "/cart";

        // if checkout page is requested
        } else if (userPath.equals("/checkout")) {
            // TODO: Implement checkout page request

        // if user switches language
        } else if (userPath.equals("/chooseLanguage")) {
            // TODO: Implement language request
        }

        // use RequestDispatcher to forward request internally;
        // pages under /WEB-INF are reachable only through such a forward
        String url = "/WEB-INF/view" + userPath + ".jsp";

        try {
            request.getRequestDispatcher(url).forward(request, response);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
Taken from: http://netbeans.org/kb/docs/javaee/ecommerce/page-views-controller.html
Answer 4:
You can use filters to restrict requests whose URL asks for .jsp pages, and only allow requests which ask for .do.
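The filter approach from answers 2 and 4, as an added example that is not part of any answer above. It assumes the javax.servlet API that Struts 1.3 runs on; the class name DirectJspAccessFilter and the web.xml mapping shown in the comments are hypothetical.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical web.xml mapping for this filter:
//   <filter-mapping>
//     <filter-name>directJspAccessFilter</filter-name>
//     <url-pattern>/*</url-pattern>
//   </filter-mapping>
// With no <dispatcher> element the filter runs only for REQUEST dispatches,
// so the internal forward from a Struts action to its JSP is not blocked.
public class DirectJspAccessFilter implements Filter {

    public void init(FilterConfig config) throws ServletException {
        // no configuration needed
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getServletPath()/getPathInfo() are already decoded by the container
        // and carry no query string, unlike the raw request URI.
        String path = req.getServletPath();
        if (req.getPathInfo() != null) {
            path += req.getPathInfo();
        }
        String lower = path.toLowerCase(Locale.ROOT);

        // Reject client requests that name a JSP directly; answer 404 rather
        // than 403 so the response does not confirm that the page exists.
        if (lower.endsWith(".jsp") || lower.endsWith(".jspx")) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(request, response); // *.do and static resources pass through
    }

    public void destroy() {
        // nothing to release
    }
}
```

Moving the JSPs under WEB-INF, as answers 1 and 3 describe, gives the same protection from the container itself, without depending on the filter mapping being correct.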
Source: https://stackoverflow.com/questions/7282462/denying-direct-access-to-jsp-pages