如何在 web.xml 中配置 url 映射来限制访问? [英] How to configure url mapping in web.xml to restrict access?
问题描述
我有以下结构的几页.
--Project
|---WebContect
|----Admin/ *
|----Author/ *
|----Readonly/ *
|----Index.jsp
我想限制用户访问 Admin
、Author
和 Readonly
下的页面.我不希望任何人访问这些页面.如果有人试图这样做,应该重定向到 index.jsp
.
I want to restrict the user from accessing Pages under Admin
,Author
and Readonly
. I don't want anybody to access these pages. And if somebody tries to do so, should be redirected to index.jsp
.
我想到的最简单的解决方案是使用 Filter
,但我试图找出是否可以使用 web.xml
.
The easiest solution that come in my mind is using a Filter
, but I am trying to find if its possible to do using web.xml
.
推荐答案
如果你想让没有人能够直接访问这些页面,只需将它们放在/WEB-INF中代码>文件夹.
If you want that nobody is able to access those pages directly, just put them in /WEB-INF
folder.
Project
`-- WebContect
|-- WEB-INF
| |-- Admin
| |-- Author
| `-- Readonly
`-- Index.jsp
通过这种方式,页面不能公开访问,而只能由执行转发的 servlet 访问.当最终用户尝试直接访问它时,他得到的只是 HTTP 404 错误.
This way the pages are not publicly accessible, but only by a servlet which performs a forward. When the enduser attempts to access it directly, all he will get is a HTTP 404 error.
另一种方法是配置无角色
.
An alternative is configuring a role-less <security-constraint>
.
<security-constraint>
<display-name>Restrict direct access to certain folders</display-name>
<web-resource-collection>
<web-resource-name>Restricted folders</web-resource-name>
<url-pattern>/Admin/*</url-pattern>
<url-pattern>/Author/*</url-pattern>
<url-pattern>/Readonly/*</url-pattern>
</web-resource-collection>
<auth-constraint />
</security-constraint>
当最终用户尝试访问它们时,他得到的只是 HTTP 403 错误.
When the enduser attempts to access them, all he will get is a HTTP 403 error.
无论哪种方式,都不可能以这种方式将最终用户重定向到 index.jsp
.只有 Filter
可以做到这一点.您可以将 index.jsp
配置为 404 或 403 的错误页面位置
Either way, it isn't possible to redirect the enduser to index.jsp
this way. Only a Filter
can do that. You could configure the index.jsp
as error page location for 404 or 403
<error-page>
<error-code>404</error-code>
<location>/index.jsp</location>
</error-page>
但这将涵盖所有 404(或 403),不确定这是否是您想要的.
But this would cover all 404's (or 403's), not sure if that is what you want.
这篇关于如何在 web.xml 中配置 url 映射来限制访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!