开发者

Denying direct access to jsp pages

问答 作者:

I'm using struts 1.3 for my application and all jsp pages are forwarded through controller (action class). But If I access the jsp page directly, I'm ab开发者_Python百科le to access it. How do I prevent this?

put all your jsp-s inside WEB-INF folder (for example in WEB-INF/jsp folder) and dont forget to change your mapping regarding location of jsp-s.

Filters are used to bypass or interrupt the requests , so use the filters to restrict the request , if it not contains .do in url. Below is the good tutorial for filters

Filters

I think the best option would be to put your web pages in the WEB-INF folder - that way they won't be directly accessible but then in your servlets you can have something like: 

public class ControllerServlet extends HttpServlet {

    /**
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {

        String userPath = request.getServletPath();

        // if category page is requested
        if (userPath.equals("/category")) {
            // TODO: Implement category request

        // if cart page is requested
        } else if (userPath.equals("/viewCart")) {
            // TODO: Implement cart page request

            userPath = "/cart";

        // if checkout page is requested
        } else if (userPath.equals("/checkout")) {
            // TODO: Implement checkout page request

        // if user switches language
        } else if (userPath.equals("/chooseLanguage")) {
            // TODO: Implement language request

        }

        // use RequestDispatcher to forward request internally
        String url = "/WEB-INF/view" + userPath + ".jsp";

        try {
            request.getRequestDispatcher(url).forward(request, response);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

Taken from: http://netbeans.org/kb/docs/javaee/ecommerce/page-views-controller.html

You can use filters and restrict the request with url which ask for .jsp pages and only allow requests which ask for .do

继续阅读:struts

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9