1、可以在项目的web.xml中配置过滤器,对请求进行过滤,在过滤器判断请求是否是越过登录直接输入恶意url地址进行访问的,如果是的话进行处理,不是则放行。
2、************web.xml配置************<filter> <filter-name>validateLogin</filter-name> <filter-class>com.test.action.LoginedCheckInterceptorAction</filter-class> </filter>
3、<filter-mapping> <filter-name>validateLogin</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>*********过滤器类*******************package com.test.action;import java.io.IOException;
4、import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/*** filter过滤访问路径* @author *****/
5、public class LoginedCheckInterceptorAction implements Filter {/*** filter过滤非法访问*/@SuppressWarnings("unused")private static final long serialVersionUID = 1L;public void destroy() {}public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
