如何在 web.xml 中配置 url 映射来限制访问? [英] How to configure url mapping in web.xml to restrict access?

问题描述

我有以下结构的几页.

--Project
  |---WebContect
      |----Admin/ *
      |----Author/ * 
      |----Readonly/ * 
      |----Index.jsp

我想限制用户访问 Admin、Author 和 Readonly 下的页面.我不希望任何人访问这些页面.如果有人试图这样做，应该重定向到 index.jsp.

I want to restrict the user from accessing Pages under Admin,Author and Readonly. I don't want anybody to access these pages. And if somebody tries to do so, should be redirected to index.jsp.

我想到的最简单的解决方案是使用 Filter，但我试图找出是否可以使用 web.xml.

The easiest solution that come in my mind is using a Filter, but I am trying to find if its possible to do using web.xml.

推荐答案

如果你想让没有人能够直接访问这些页面，只需将它们放在/WEB-INF中代码>文件夹.

If you want that nobody is able to access those pages directly, just put them in /WEB-INF folder.

Project
 `-- WebContect
      |-- WEB-INF
      |    |-- Admin
      |    |-- Author
      |    `-- Readonly
      `-- Index.jsp

通过这种方式，页面不能公开访问，而只能由执行转发的 servlet 访问.当最终用户尝试直接访问它时，他得到的只是 HTTP 404 错误.

This way the pages are not publicly accessible, but only by a servlet which performs a forward. When the enduser attempts to access it directly, all he will get is a HTTP 404 error.

另一种方法是配置无角色.

An alternative is configuring a role-less <security-constraint>.

<security-constraint>
    <display-name>Restrict direct access to certain folders</display-name>
    <web-resource-collection>
        <web-resource-name>Restricted folders</web-resource-name>
        <url-pattern>/Admin/*</url-pattern>
        <url-pattern>/Author/*</url-pattern>
        <url-pattern>/Readonly/*</url-pattern>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>

当最终用户尝试访问它们时，他得到的只是 HTTP 403 错误.

When the enduser attempts to access them, all he will get is a HTTP 403 error.

无论哪种方式，都不可能以这种方式将最终用户重定向到 index.jsp.只有 Filter 可以做到这一点.您可以将 index.jsp 配置为 404 或 403 的错误页面位置

Either way, it isn't possible to redirect the enduser to index.jsp this way. Only a Filter can do that. You could configure the index.jsp as error page location for 404 or 403

<error-page>
    <error-code>404</error-code>
    <location>/index.jsp</location>
</error-page>

但这将涵盖所有 404(或 403)，不确定这是否是您想要的.

But this would cover all 404's (or 403's), not sure if that is what you want.

这篇关于如何在 web.xml 中配置 url 映射来限制访问?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！