如果用戶直接輸入了地址,不也可以直接訪問嗎?理論上是,我們可以加入session進行跟蹤,以杜絕此類型事件發(fā)生,我們是不是要把每次對session的判斷依次拷到每個頁里呢,之后下次需要驗證的SESSION換了,我們再換?太浪費了,我的做法是做了一個自定義標(biāo)簽,來解決這個問題。
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;
public class CheckTag extends TagSupport
{
??? private static final long serialVersionUID = 879137944441282895L;
??? private String check = "";//用來驗證的變量
??? private String url = "index.jsp";//出現(xiàn)錯誤要去的頁面
??? private String msg = "";//錯誤的提示
??? private String scope = "";//要嚴(yán)整變量的范圍
??? private String to = "go";
//如果驗證失敗,是將頁面后退,還是定位到哪里?
??? public String getTo()
??? {
??????? return to;
??? }
??? public void setTo( String to )
??? {
??????? this.to = to;
??? }
??? public String getMsg()
??? {
??????? return msg;
??? }
??? public void setMsg( String msg )
??? {
??????? this.msg = msg;
??? }
??? public String getScope()
??? {
??????? return scope;
??? }
??? public void setScope( String scope )
??? {
??????? this.scope = scope;
??? }
??? public String getCheck()
??? {
??????? return check;
??? }
??? public void setCheck( String check )
??? {
??????? this.check = check;
??? }
??? public String getUrl()
??? {
??????? return url;
??? }
??? public void setUrl( String url )
??? {
??????? this.url = url;
??? }
??? public int doStsrtTag() throws JspException
??? {
??????? return SKIP_BODY;
??? }
??? public int doEndTag() throws JspException
??? {
??????? boolean valid = false;//先設(shè)為不可用
??????? if ( scope.equalsIgnoreCase( "request" ) )//如果要檢查request范圍
??????? {
??????????? valid = CheckUtil.checkRequestAttribute( pageContext.getRequest(),
??????????????????? check );
??????? }
??????? else if ( scope.equalsIgnoreCase( "session" ) )
??????? {
??????????? valid = CheckUtil.checkSession( pageContext.getSession(), check );
??????? }
??????? else if ( scope.equalsIgnoreCase( "parameter" ) )
??????? {
??????????? valid = CheckUtil.checkParameter( pageContext.getRequest(), check );
??????? }
??????? else if ( scope.equalsIgnoreCase( "application" ) )
??????? {
??????????? valid = CheckUtil.checkApp( pageContext.getServletContext(), check );
??????? }
??????? if ( valid ) return EVAL_PAGE;//如果可用就繼續(xù)執(zhí)行此頁的其余部分
??????? else
??????? {//否則,哈哈
??????????? try
??????????? {
??????????????? if ( to.equalsIgnoreCase( "go" ) ) //現(xiàn)在失敗了,就看怎么回到你該到的地方
??????????????????? HtmlUtil.callParentGo(
??????????????????????? pageContext.getOut(), msg, url );//將瀏覽器定位到URL?
??????????????? else
??????????????????? HtmlUtil.callBack( pageContext.getOut(), msg );//后退一下頁面來阻止
??????????????? return SKIP_PAGE;//跳過頁面的其余部分,不執(zhí)行
??????????? }
??????????? catch ( Exception e )
??????????? {
??????????????? throw new JspException( e.toString() );
??????????? }
??????? }
??? }
??? public void release()
??? {
??????? super.release();
??????? check = "";
??????? url = "";
??????? msg = "";
??????? scope = "";
??? }
}
下面是用到的htmlUtil部分:
public static void callParentGo( Writer out, String msg, String url )
??????????? throws IOException
??? {
??????? out.write( "<script language=\"javascript\">" );
??????? out.write( "alert(\"" + msg + "\");" );
??????? out.write( "parent.location.href=\"" + url + "\";" );
??????? out.write( "</script>" );
??? }
public static void callBack( Writer out, String msg ) throws IOException
??? {
??????? out.write( "<script language=\"javascript\">" );
??????? out.write( "alert(\"" + msg + "\");" );
??????? out.write( "parent.history.back();" );
??????? out.write( "</script>" );
??? }
寫個check.tld部署吧,
<?xml version = "1.0"?>
<taglib>
?<tlibversion>1.0</tlibversion>
?<jspversion>1.1</jspversion>
?<tag>
??<name>check</name>
??<tag-class>com.boya.subject.util.CheckTag</tag-class>
??<attribute>
???<name>check</name>
???<required>true</required>
??</attribute>
??<attribute>
???<name>url</name>
???<required>false</required>
??</attribute>
??<attribute>
???<name>msg</name>
???<required>true</required>
??</attribute>
??<attribute>
???<name>scope</name>
???<required>true</required>
??</attribute>
??<attribute>
???<name>to</name>
???<required>false</required>
??</attribute>
?</tag>
</taglib>
你
只要在每個頁面里寫下這個就可以判定用戶是否登陸了
<%@ taglib prefix="boya" uri="/WEB-INF/check.tld" %>
<boya:check check="admin" msg="管理員尚未登陸,請登陸!" scope ="session"/>
如果沒有登陸那么,會自動提示到首頁登陸,不錯,很完美吧?
當(dāng)然不是,您可以提出您的見解。。。。