tomcat 拒绝访问特定文件 [英] tomcat deny access to specific files

问题描述

我在 Tomcat 中有一个 web 应用程序，其中包含一个主 JSP 文件，该文件在页面中心包含另一个 JSP 文件.我想直接拒绝访问该文件，只允许直接访问主索引页面.

I have a webapp in Tomcat with a main JSP file that includes another JSP file in the center of the page. I want to deny access to that file directly, and only allow direct access to the main index page.

此外，我不希望用户能够直接从我的网络应用中获取图像.

Also, I don't want users to be able to get images from my webapp directly.

如何使用 Tomcat 拒绝这些请求?我希望所有请求都转发到我的主页.

How can I deny those requests with Tomcat? I want all of the requests to forward to my main page.

推荐答案

一种方法是实现 Filter

One way would be to implement a Filter

例如:

package package;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FilterImplementation implements Filter
{
    public void init(FilterConfig filterConfig) throws ServletException {...}

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
    {
        // if you detect an illegal request, throw an exception or return without calling chain.doFilter.
        chain.doFilter(request, response);     
    }

    public void destroy() {...}
}

将以下内容添加到 web.xml:

add the following to web.xml:

<filter>
    <filter-name>MyFilter</filter-name>
    <filter-class>package.FilterImplementation</filter-class>
</filter>

<filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

编辑

您需要了解的有关请求哪个页面的所有信息都在 request 参数中.参数类型为ServletRequest 但是它几乎总是一个 HttpServletRequest 以便您可以执行以下操作:

Everything you need to know about which page is being requested is in the request parameter. The parameter type is ServletRequest however it will almost always be an HttpServletRequest so you can do the following:

if (request instanceof HttpServletRequest)
{
    HttpServletRequest hrequest = (HttpServletRequest) request;
    String uri = hrequest.getRequestURI(); // you should be able to just use this
    String uri = hrequest.getRequestURL(); // otherwise there are more in-depth fields
}

这篇关于tomcat 拒绝访问特定文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！