增加URL过滤器，禁止直接访问jsp页面；

not_found.html 页面资源更新引用定位至根目录
wavky · Nov 26, 2014 · 3c33874 · 3c33874
1 parent 23ab164
commit 3c33874
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 4 deletions.
diff --git a/src/main/java/util/UrlLimitFilter.java b/src/main/java/util/UrlLimitFilter.java
@@ -0,0 +1,39 @@
+/**
+ * 2014年11月26日 下午12:53:24
+ */
+package util;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter;
+
+/**
+ * 对请求URL进行过滤限制，禁止直接访问JSP页面
+ * 
+ * @author wavky.wand
+ *
+ */
+public class UrlLimitFilter extends StrutsPrepareAndExecuteFilter {
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res,
+ FilterChain chain) throws IOException, ServletException {
+ HttpServletRequest request = (HttpServletRequest) req;
+ String url = request.getRequestURI();
+ if (url.toLowerCase().endsWith(".jsp")) {
+ System.out.println("禁止直接请求jsp");
+ // 禁止直接请求jsp，内部转发输出404页面，不修改URL
+ request.getRequestDispatcher("/not_found.html").forward(req, res);
+ // 重定向到404页面，效果与请求.html/.asp等资源时不一致
+ // ((HttpServletResponse)res).sendRedirect("404");
+ return;
+ }
+ // 调用默认过滤器分发资源
+ super.doFilter(req, res, chain);
+ }
+}
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
@@ -11,9 +11,14 @@
  <location>/not_found.html</location>
  </error-page>
  <filter>
+ <filter-name>struts2</filter-name>
+ <filter-class>util.UrlLimitFilter</filter-class>
+ </filter>
+ <!-- <filter>
  <filter-name>struts2</filter-name>
  <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
  </filter>
+ -->
  <filter-mapping>
  <filter-name>struts2</filter-name>
  <url-pattern>/*</url-pattern>

diff --git a/src/main/webapp/not_found.html b/src/main/webapp/not_found.html
@@ -4,13 +4,13 @@
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <base target="_self" />
 <title>Piece not found 404</title>
-<link rel="stylesheet" type="text/css" href="css/style.css" />
-<link rel="stylesheet" type="text/css" href="css/image_page.css" />
-<link rel="icon" type="image/x-icon" href="image/favicon.ico" />
+<link rel="stylesheet" type="text/css" href="/css/style.css" />
+<link rel="stylesheet" type="text/css" href="/css/image_page.css" />
+<link rel="icon" type="image/x-icon" href="/image/favicon.ico" />
 </head>
 <body>
  <div>
- <a href="index"> <img src="image/not_found.jpg"
+ <a href="/index"> <img src="/image/not_found.jpg"
  title="I lost this piece..." alt="404 - This page is not found." /></a>
  </div>
 </body>