1.把JSP頁面放在WEB-INF目錄下,存放在此目錄或者它的子目錄裡的任何東西都受到了保護:容器不會回應客戶端對這些路徑的直接請求,頁面只能經由伺服器端的forward或include顯示。
2.使用servlet過濾器過濾對jsp頁面的請求。
import java.io.IOException;
import java.io.Writer;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
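/**
 * Servlet filter that turns away client requests aimed directly at JSP pages.
 *
 * <p>Any request whose path ends in {@code .jsp} is redirected to
 * {@code <context path>/index.html}; every other request continues down the
 * filter chain unchanged.
 *
 * <p>Despite its name, this filter performs no authentication and never looks
 * at the session: it only hides JSP URLs. Access control for the data those
 * pages show has to be enforced elsewhere.
 *
 * <p>NOTE(review): the filter only sees requests it is mapped to, and the
 * {@code <filter-mapping>} is not part of this listing. With the default
 * dispatcher type (REQUEST), server-side forwards and includes to a JSP would
 * not pass through it - confirm against web.xml. JSP documents ({@code .jspx})
 * are not covered by the suffix test; add them if the application has any.
 */
public class AdminsessionFilter implements Filter {

    /** File suffix that marks a request as targeting a JSP page. */
    private static final String JSP_SUFFIX = ".jsp";

    /** Page, relative to the context path, that direct JSP requests are sent to. */
    private static final String LANDING_PAGE = "/index.html";

    /**
     * Does nothing; the filter reads no configuration.
     *
     * @param filterConfig ignored
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Intentionally empty.
    }

    /**
     * Redirects direct JSP requests to the landing page and lets everything
     * else through.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response; must be an {@link HttpServletResponse}
     * @param chain    the remaining filter chain
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        // getRequestURI() is the path exactly as the client sent it: it is not
        // decoded and can carry path parameters (";name=value") after the file
        // name, so a suffix test on it alone can miss a request that the
        // container still maps to a JSP. The servlet path and path info are
        // what the container resolved the request to, so both forms are checked.
        boolean targetsJsp = endsWithJsp(httpServletRequest.getRequestURI())
                || endsWithJsp(containerResolvedPath(httpServletRequest));

        if (targetsJsp) {
            // The redirect target is built only from the context path and a
            // constant, never from request data, so it cannot be steered by the client.
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + LANDING_PAGE);
            return;
        }
        chain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** Releases nothing; the filter holds no resources. */
    @Override
    public void destroy() {
        // Intentionally empty.
    }

    /** Returns the path the container resolved the request to: servlet path plus path info. */
    private static String containerResolvedPath(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        return (servletPath == null ? "" : servletPath) + (pathInfo == null ? "" : pathInfo);
    }

    /** Tells whether {@code path} ends in the JSP suffix, ignoring letter case. */
    private static boolean endsWithJsp(String path) {
        // Locale.ROOT keeps the lower-casing independent of the server's default locale.
        return path != null && path.toLowerCase(Locale.ROOT).endsWith(JSP_SUFFIX);
    }
}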
3.在部署文件web.xml中使用安全限制.配置如下:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>JSPs</web-resource-name>
    <url-pattern>/web/*</url-pattern><!--拒絕直接訪問web文件夾下的所有頁面-->
  </web-resource-collection>
  <auth-constraint/><!--空的auth-constraint表示不允許任何角色,因此所有直接請求都會被拒絕-->
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method><!--驗證方式(BASIC/FORM)-->
</login-config>