如果用户直接输入了地址,不也可以直接访问吗?理论上是,我们可以加入session进行跟踪,以杜绝此类型事件发生,我们是不是要把每次对session的判断依次拷到每个页里呢,之后下次需要验证的SESSION换了,我们再换?太浪费了,我的做法是做了一个自定义标签,来解决这个问题。
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;
public class CheckTag extends TagSupport
{
private static final long serialVersionUID = 879137944441282895L;
private String check = "";//用来验证的变量
private String url = "index.jsp";//出现错误要去的页面
private String msg = "";//错误的提示
private String scope = "";//要严整变量的范围
private String to = "go";
//如果验证失败,是将页面后退,还是定位到哪里?
public String getTo()
{
return to;
}
public void setTo( String to )
{
this.to = to;
}
public String getMsg()
{
return msg;
}
public void setMsg( String msg )
{
this.msg = msg;
}
public String getScope()
{
return scope;
}
public void setScope( String scope )
{
this.scope = scope;
}
public String getCheck()
{
return check;
}
public void setCheck( String check )
{
this.check = check;
}
public String getUrl()
{
return url;
}
public void setUrl( String url )
{
this.url = url;
}
public int doStsrtTag() throws JspException
{
return SKIP_BODY;
}
public int doEndTag() throws JspException
{
boolean valid = false;//先设为不可用
if ( scope.equalsIgnoreCase( "request" ) )//如果要检查request范围
{
valid = CheckUtil.checkRequestAttribute( pageContext.getRequest(),
check );
}
else if ( scope.equalsIgnoreCase( "session" ) )
{
valid = CheckUtil.checkSession( pageContext.getSession(), check );
}
else if ( scope.equalsIgnoreCase( "parameter" ) )
{
valid = CheckUtil.checkParameter( pageContext.getRequest(), check );
}
else if ( scope.equalsIgnoreCase( "application" ) )
{
valid = CheckUtil.checkApp( pageContext.getServletContext(), check );
}
if ( valid ) return EVAL_PAGE;//如果可用就继续执行此页的其余部分
else
{//否则,哈哈
try
{
if ( to.equalsIgnoreCase( "go" ) ) //现在失败了,就看怎么回到你该到的地方
HtmlUtil.callParentGo(
pageContext.getOut(), msg, url );//将浏览器定位到URL
else
HtmlUtil.callBack( pageContext.getOut(), msg );//后退一下页面来阻止
return SKIP_PAGE;//跳过页面的其余部分,不执行
}
catch ( Exception e )
{
throw new JspException( e.toString() );
}
}
}
public void release()
{
super.release();
check = "";
url = "";
msg = "";
scope = "";
}
}
下面是用到的htmlUtil部分:
public static void callParentGo( Writer out, String msg, String url )
throws IOException
{
out.write( "<script language=\"javascript\">" );
out.write( "alert(\"" + msg + "\");" );
out.write( "parent.location.href=\"" + url + "\";" );
out.write( "</script>" );
}
public static void callBack( Writer out, String msg ) throws IOException
{
out.write( "<script language=\"javascript\">" );
out.write( "alert(\"" + msg + "\");" );
out.write( "parent.history.back();" );
out.write( "</script>" );
}
写个check.tld部署吧,
<?xml version = "1.0"?>
<taglib>
<tlibversion>1.0</tlibversion>
<jspversion>1.1</jspversion>
<tag>
<name>check</name>
<tag-class>com.boya.subject.util.CheckTag</tag-class>
<attribute>
<name>check</name>
<required>true</required>
</attribute>
<attribute>
<name>url</name>
<required>false</required>
</attribute>
<attribute>
<name>msg</name>
<required>true</required>
</attribute>
<attribute>
<name>scope</name>
<required>true</required>
</attribute>
<attribute>
<name>to</name>
<required>false</required>
</attribute>
</tag>
</taglib>
你
只要在每个页面里写下这个就可以判定用户是否登陆了
<%@ taglib prefix="boya" uri="/WEB-INF/check.tld" %>
<boya:check check="admin" msg="管理员尚未登陆,请登陆!" scope ="session"/>
如果没有登陆那么,会自动提示到首页登陆,不错,很完美吧?
当然不是,您可以提出您的见解。。。。