How can I prevent a user from directly accessing pages if not authenticated?


Problem description

I am using a custom tag and I want to know how I can prevent a user from directly accessing my application pages without authenticating. Below is the view page coding; please let me know how to go about it. I even tried using the page session directive, but that didn't work.

  <html>
  <head>
  <script>
      // Client-side convenience check only; it does not restrict access to the page.
      function check(submit)
      {
          var x = document.getElementById("r");
          var xlength = x.value.length;
          if (xlength != 5 || x.value == "")
          {
              alert("Enter 5 digit Employee Id");
              document.getElementById("r").focus();
              return false;
          }
      }
  </script>
  </head>
  <body>
  <form method="post">
  <input type="text" style="color:grey" name="reqno" id="r"
         value="requestno" maxlength="5"
         onfocus="if (this.value==this.defaultValue) this.value=''"
         onblur="if (this.value=='') this.value = this.defaultValue">
  <br>
  <input type="submit" name="submit" value="Submit" onclick="return check(this)">
  <input type="submit" name="back" value="Back">

  <%
      String r = request.getParameter("reqno");
      String btn = request.getParameter("submit");
      String btn1 = request.getParameter("back");
      HttpSession session1 = request.getSession();
      session1.setAttribute("requestno", r);
      if (btn != null)
          response.sendRedirect("findrequest1.jsp");
      else if (btn1 != null)
          response.sendRedirect("selectaction.jsp");
  %>
  </form>
  </body>
  </html>

This is the login page

<jsp:useBean id="theBean" class="pack.java.MyModel"/>
<jsp:setProperty name="theBean" property="name" param="userName"/>
<jsp:setProperty name="theBean" property="pass" param="userPass"/>
<%@ taglib uri="taglib1.tld" prefix="easy" %>
<html>
<head>
<script>
    history.forward();
</script>
</head>
<body>
<header>
<h4 align="right"><a href="projectregister.jsp">Register Now</a><br>
</h4>
</header>
<form name="loginform" method="post">
<h1>Login please</h1>
Enter username : <input type="text" name="userName">
<br>
Enter password : <input type="password" name="userPass">
<br>
<input type="submit" name="submit" value="submit">
<br>
<%
    String btn = request.getParameter("submit");
    String uu = request.getParameter("userName");
    String pp = request.getParameter("userPass");
    HttpSession sessions = request.getSession();
    String st = (String) request.getAttribute("user");

    // Compare string contents with equals(); != only compares references.
    if (!"".equals(uu) && !"".equals(pp))
    {
        if (btn != null)
        {
%>
<easy:myTag/>
<%
        }
    }
%>
</form>
</body>
</html>

This is the filter

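    package pack.java;
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.HttpServletRequest;

    public class loginfilter implements Filter
    {
        String aa;

        public void destroy()
        {
        }

        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
        {
            // getRequestURI() is defined on HttpServletRequest, so a cast is needed.
            aa = ((HttpServletRequest) request).getRequestURI();
            // Every request is passed on unchanged; no login check is made here.
            chain.doFilter(request, response);
        }

        public void init(FilterConfig fconfig) throws ServletException
        {
        }
    }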

This is the Login (controller) page

    package pack.java;
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import javax.servlet.jsp.*;
    import javax.servlet.jsp.tagext.*;
    import java.sql.*;

    public class MyController extends TagSupport
    {
        HttpServletRequest request;
        HttpServletResponse response;
        String msg = "";
        String empid = "";

        public int doStartTag() throws JspException
        {
            request = (HttpServletRequest) pageContext.getRequest();
            response = (HttpServletResponse) pageContext.getResponse();
            // The tag is used without a body; SKIP_BODY is the valid return value here.
            return SKIP_BODY;
        }

        public void check()
        {
            HttpSession mysession = request.getSession();
            JspWriter out = pageContext.getOut();
            int f = 0;
            try
            {
                Class.forName("oracle.jdbc.driver.OracleDriver");
            }
            catch (ClassNotFoundException ex)
            {
                msg = ex.getMessage();
            }
            try
            {
                String aa = MyModel.name.trim();
                String bb = MyModel.pass.trim();

                // Reject input containing any of the listed characters before querying.
                if (!aa.matches(".*[%#^<>&;'\0-].*") && !bb.matches(".*[%#^<>&;'\0-].*"))
                {
                    // try-with-resources closes the connection, statement and result set.
                    try (Connection con = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:XE", "gaurav", "oracle");
                         CallableStatement stmt = con.prepareCall("select usercheck1(?,?) from dual"))
                    {
                        stmt.setString(1, aa);
                        stmt.setString(2, bb);
                        try (ResultSet rs = stmt.executeQuery())
                        {
                            while (rs.next())
                            {
                                empid = rs.getString(1);
                                mysession.setAttribute("user", empid);

                                if (empid != null)
                                {
                                    response.sendRedirect("/Myjsp/selectaction.jsp");
                                }
                                else
                                    out.println("Invalid Details");
                            }
                        }
                    }
                }
                else
                    out.println("Invalid Details");
            }
            catch (SQLException ex)
            {
                msg = ex.getMessage();
            }
            catch (Exception ex)
            {
                msg = ex.getMessage();
            }
        }

        public int doEndTag() throws JspException
        {
            check();
            return EVAL_PAGE;
        }
    }

In the web.xml file, below is the code I entered

<filter>
    <filter-name>loginfilter</filter-name>
    <!-- filter-class must be the fully qualified class name, not just the package -->
    <filter-class>pack.java.loginfilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>loginfilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Recommended answer

You can use filters for handling such a scenario. Filters are classes which are used to intercept requests from a client before they access a resource at the back end. You can also use filters the other way round, i.e. intercept the response before it reaches the client. Here you can use the former one.

The steps can be as follows:

1. When the user logs in successfully, you can set some session attribute to indicate that the user is logged in

 session.setAttribute("isUserLoggedIn",true);

2. You can write a class which implements the javax.servlet.Filter interface and override the doFilter method. In the doFilter method you can check whether the "isUserLoggedIn" attribute is already set. If it's already set, you can allow the request to go ahead, or else you can forward the user to the login page or any custom page you want.

You can decide which URL patterns you want this filter to get invoked for. If you want this filter to be invoked for each request, i.e. for each URL pattern, you can say something like below in web.xml:

  <url-pattern>/*</url-pattern>

You can get an idea of how filters work at:

http://www.oracle.com/technetwork/java/filters-137243.html

Hope this helps!
