① jsp中过滤器可以拦截请求和响应吗
过滤器可以动态地拦截请求和响应,以变换或使用包含在请求或响应中的信息。
② spring mvc 拦截器怎么拦截jsp页面
spring mvc 拦截器怎么拦截jsp页面
<mvc:interceptor>
<mvc:mapping path="/**" />
<bean class="net.techfinger.yoyoapp.interceptor.AuthInterceptor" />
</mvc:interceptor>
你这个 是拦截带 /jsp 的 .do请求
解决方案
用spring 的拦截器 去拦截 所有的 .do 请求,
然后写一个 过滤器去拦截 所有的.jsp 的请求
这样才能防止循环过滤
<!-- <servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping> -->
这种会把所有jsp请求过滤不推荐。
<filter>
<filter-name> loginFilter</filter-name>
<filter-class>
net.techfinger.yoyoapp.interceptor.CheckLoginFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
public class CheckLoginFilter implements Filter{
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
// 获得用户请求的URI
String path = request.getRequestURI();
String contextPath = request.getContextPath();
String url = path.substring(contextPath.length());Person person =SessionUtils.getPerson(request);if (person == null) {
response.sendRedirect(contextPath+"/person.do?method=tologin");
return;
}
if (person.getId()!=null&&person.getPassword()!=null) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {}
}
public class AuthInterceptor extends HandlerInterceptorAdapter {
private final static Logger log= Logger.getLogger(AuthInterceptor.class);@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
HandlerMethod method = (HandlerMethod)handler;
Auth auth = method.getMethod().getAnnotation(Auth.class);
////验证登陆超时问题 auth = null,默认验证
if( auth == null || auth.verifyLogin()){
String baseUri = request.getContextPath();
String path = request.getServletPath();
Person person =SessionUtils.getPerson(request);if(person == null){
if(path.endsWith(".jsp")){
response.setStatus(response.SC_GATEWAY_TIMEOUT);
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}else{
response.setStatus(response.SC_GATEWAY_TIMEOUT);
Map<String, Object> result = new HashMap<String, Object>();
/* result.put("success", false);
result.put("logoutFlag", true);//登录标记 true 退出
result.put("msg", "登录超时.");
XmlUtil.sendMsg(response, result);*/
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}
}
}
//验证URL权限
if( auth == null || auth.verifyURL()){/*//判断请求的url,是否包含在该角色的url里String methodName=request.getParameter("method");
String menuUrl = StringUtils.remove(request.getRequestURI(),request.getContextPath())+"?method="+methodName;
System.out.println(menuUrl);if(!SessionUtils.isAccessUrl(request, StringUtils.trim(menuUrl))){
//日志记录
String userMail = SessionUtils.getPerson(request).getLoginName();
String msg ="URL权限验证不通过:[url="+menuUrl+"][email ="+ userMail+"]" ;
log.error(msg);response.setStatus(response.SC_FORBIDDEN);
Map<String, Object> result = new HashMap<String, Object>();
result.put("success", false);
result.put("msg", "没有权限访问,请联系管理员.");
XmlUtil.sendMsg(response, result);
return false;}
*/}
return super.preHandle(request, response, handler);
}
③ 各位大神,springmvc自定义拦截器没有拦截到后台的jsp页面,如何解决这个问题
会提交的时候也要以/admin/*.jsp的方式提交啊
如果这样不行,你可以拦截所有请求,然后再拦截器里面判断url里面是否有你需要拦截的url地址,如果有的话就可以跳转到制定的页面,如果没有放行就行了。
//获取当前的Url地址
preHandle方法里面:
String requestUrl = request.getRequestURI().replace(request.getContextPath(), "");
判断这个requestUrl
④ springMVC的拦截器不拦截直接访问jsp的请求
你好,分享一下我的拦截器,多多指教,代码如下:
在spring的配置文件里面进行配置拦截器
<!-- 拦截器 -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 对所有的请求拦截使用/**-->
<mvc:mapping path="/**" />
<ref bean="userAccessInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
<bean id="userAccessInterceptor"class="com.web.interceptor.UserAccessInterceptor"></bean>
拦截器如下设置,当用户未登录时,返回到登录页面
class UserAccessInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
//静态资源直接return true
if(handler instanceof ResourceHttpRequestHandler){
return true;
}
if(Utils.isNull(UserCookie.getApploginUserId())){
response.sendRedirect(request.getContextPath()+"/login.jsp");
return false;
}
return true;
}
⑤ 请问,java高手,spring mvc拦截器如何拦截所有的请求啊,包括html和jsp页面
web.xml里面这样配置 他就拦截所有请求了
<servlet>
<servlet-name>spring-mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring-mvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
⑥ struts2用过滤器过滤非法jsp请求的时候,对于根文件夹下的请求如何过滤
<filter>
<filter-name>authority</filter-name>
<filter-class>com.bstek.test.demo.filter.AuthorityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authority</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--可以匹配多个的,不过只要上面那种就可以拦截所有的了<filter-mapping>
<filter-name>authority</filter-name>
<url-pattern>/jsp/*</url-pattern>
</filter-mapping>-->
⑦ java怎么实现对某些需要登录才能查看的页面进行拦截不需要登录的jsp页面不需要拦截!请高手赐教!
如果是简单的页面权限控制,采用过滤器完全就可以实现了。 实现思路:
1. 设计需要权限访问的页面存放在指定的目录,如: /A/xxx.JSP 。 不需要登录访问的页面则不存放在A目录下
2. 自己写个过滤器, 过滤器拦截的URL为 /A/* (url-mapping的配置); 过滤器的逻辑是,只有登录的请求,才forward请求的页面,没有登录的请求则跳转到登陆页面
如果是复杂的权限控制,可以考虑采用spring security 组件来实现,从而节省开发时间
⑧ spring mvc 拦截器怎么拦截jsp页面
spring mvc 拦截器怎么拦截jsp页面
<mvc:interceptor>
<mvc:mapping path="/**" />
<bean class="net.techfinger.yoyoapp.interceptor.AuthInterceptor" />
</mvc:interceptor>
你这个 是拦截带 /jsp 的 .do请求
解决方案
用spring 的拦截器 去拦截 所有的 .do 请求,
然后写一个 过滤器去拦截 所有的.jsp 的请求
这样才能防止循环过滤
<!-- <servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping> -->
这种会把所有jsp请求过滤不推荐。
<filter>
<filter-name> loginFilter</filter-name>
<filter-class>
net.techfinger.yoyoapp.interceptor.CheckLoginFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
public class CheckLoginFilter implements Filter{
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
// 获得用户请求的URI
String path = request.getRequestURI();
String contextPath = request.getContextPath();
String url = path.substring(contextPath.length());
Person person =SessionUtils.getPerson(request);
if (person == null) {
response.sendRedirect(contextPath+"/person.do?method=tologin");
return;
}
if (person.getId()!=null&&person.getPassword()!=null) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
public class AuthInterceptor extends HandlerInterceptorAdapter {
private final static Logger log= Logger.getLogger(AuthInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
HandlerMethod method = (HandlerMethod)handler;
Auth auth = method.getMethod().getAnnotation(Auth.class);
////验证登陆超时问题 auth = null,默认验证
if( auth == null || auth.verifyLogin()){
String baseUri = request.getContextPath();
String path = request.getServletPath();
Person person =SessionUtils.getPerson(request);
if(person == null){
if(path.endsWith(".jsp")){
response.setStatus(response.SC_GATEWAY_TIMEOUT);
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}else{
response.setStatus(response.SC_GATEWAY_TIMEOUT);
Map<String, Object> result = new HashMap<String, Object>();
/* result.put("success", false);
result.put("logoutFlag", true);//登录标记 true 退出
result.put("msg", "登录超时.");
XmlUtil.sendMsg(response, result);*/
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}
}
}
//验证URL权限
if( auth == null || auth.verifyURL()){/*
//判断请求的url,是否包含在该角色的url里
String methodName=request.getParameter("method");
String menuUrl = StringUtils.remove(request.getRequestURI(),request.getContextPath())+"?method="+methodName;
System.out.println(menuUrl);
if(!SessionUtils.isAccessUrl(request, StringUtils.trim(menuUrl))){
//日志记录
String userMail = SessionUtils.getPerson(request).getLoginName();
String msg ="URL权限验证不通过:[url="+menuUrl+"][email ="+ userMail+"]" ;
log.error(msg);
response.setStatus(response.SC_FORBIDDEN);
Map<String, Object> result = new HashMap<String, Object>();
result.put("success", false);
result.put("msg", "没有权限访问,请联系管理员.");
XmlUtil.sendMsg(response, result);
return false;
}
*/}
return super.preHandle(request, response, handler);
}
⑨ struts2拦截器怎么拦截对jsp页面的访问
filter也可以拦截action啊,只要你把自己编写的 filter过滤器放到Struts2.0的过滤器前面就行了
⑩ Java:现在Filter把所有请求都拦截了,怎么使Filter不过滤login.jsp页面呢
对于这种,我说两种方法:
1、将你所有的JSP页面单独放在一个文件夹里(假如jspPage),jspPage文件夹里可根据类别分若干子文件夹,再把相对应的JSP放在子文件夹里;
JS、CSS及图片等分别放在外面的文件夹里(与文件夹jspPage并列)
再:<url-pattern>/jspPage/*</url-pattern>就行了
一般用的就是这种
2、在过滤的JAVA文件中,在doFilter方法里进行判断,将后缀名为.css、.js等直接设置为通过就行了,这种较为复杂,在一些特殊情况下才用到,一般不