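Requirement:
Some pages on a website are protected, meaning only specified users may access them, while other pages are open to anyone. So after a user enters a URL in IE and submits it, the server must analyze and filter the requested URL.
Analysis:
Questions to consider:
1. How do we intercept the URL the user entered?
2. How do we determine whether the entered URL is protected?
3. With a large number of users, every URL has to be checked; how do we improve the performance of that check?
Approach:
1. A filter can be defined in web.xml. The server intercepts requests according to the filter definition and processes them accordingly. For example, the following configuration: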
<filter>
    <filter-name>webfilter</filter-name>
    <filter-class>com.cyberway.web.filter.WebFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>webfilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
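filter-name: the name of the filter
filter-class: the class that implements the filter
url-pattern: the URLs to intercept
/*: intercept everything
*.jsp: intercept only JSP files
2. Store the URLs that need protection in a database and check against them on every request.
3. Querying the database on every request would perform very poorly. Once a site is stable, the set of protected pages is rarely updated, so on the first request we can load all protected pages from the database into a Hashtable and then check every request against the Hashtable. If the protected pages are updated, the Hashtable must be updated as well. This is simply a cache pattern. Sample code: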
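import java.util.ArrayList;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Iterator;

public class URLHelper {
    private static URLHelper me;
    private Hashtable urlTable;
    private boolean hasInit = false;

    static {
        me = new URLHelper();
    }

    private URLHelper() {
    }

    public static URLHelper getInstance() {
        return me;
    }

    public synchronized boolean isHasInit() {
        return hasInit;
    }

    // Load every protected URL into the table; call again after the protected pages change
    public synchronized void init() {
        Hashtable table = new Hashtable();
        Collection datas = getAllURLs();
        Iterator it = datas.iterator();
        while (it.hasNext()) {
            URLVO vo = (URLVO) it.next(); // URLVO: an entity class that holds one URL record
            table.put(vo.URL, vo);
        }
        urlTable = table;
        hasInit = true;
    }

    // Determine from the URL whether it is protected (init() must have run first)
    public synchronized boolean isProtected(String url) {
        return urlTable.containsKey(url);
    }

    private Collection getAllURLs() {
        // Fetch all protected pages from the database.
        // The query is not shown in the original; an empty list keeps the class compilable.
        return new ArrayList();
    }
}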
The WebFilter class is as follows:
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class WebFilter extends HttpServlet implements Filter {
    private FilterConfig filterConfig;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) throws ServletException {
        try {
            request.setCharacterEncoding("GBK");
            HttpServletRequest hreq = (HttpServletRequest) request;
            HttpServletResponse hres = (HttpServletResponse) response;
            HttpSession session = hreq.getSession();
            ServletContext context = session.getServletContext();
            String currentURL = hreq.getRequestURI(); // URL without the query string
            // String preURL = hreq.getHeader("referer"); // URL of the previous page
            String urlParam = hreq.getQueryString(); // query string of the current URL
            String currentURLpara = null;
            // check whether a protected resource is being requested
            if (currentURL != null) {
                // String contextPath = hreq.getContextPath(); // returns "/webroot"
                URLHelper helper = URLHelper.getInstance();
                if (!helper.isHasInit()) {
                    helper.init(); // first request: load the protected URLs
                }
                // Assumption (not in the original post): the login step stores the
                // user in the session under the attribute name "user".
                boolean loggedIn = session.getAttribute("user") != null;
                if (helper.isProtected(currentURL) && !loggedIn) {
                    setForward("/error.jsp", request, response);
                    return; // do not continue the chain for a refused request
                }
            }
            filterChain.doFilter(request, response);
        } catch (ServletException sx) {
            filterConfig.getServletContext().log(sx.getMessage());
        } catch (IOException iox) {
            filterConfig.getServletContext().log(iox.getMessage());
        } catch (Exception ex) {
            filterConfig.getServletContext().log(ex.getMessage());
        }
    }

    // Forward to a page; the path must start with "/" and is relative to the context root
    private void setForward(String url, ServletRequest request,
            ServletResponse response) throws Exception {
        HttpServletRequest hreq = (HttpServletRequest) request;
        RequestDispatcher dispatcher = hreq.getSession().getServletContext()
                .getRequestDispatcher(url);
        dispatcher.forward(request, response);
    }
}
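
The Hashtable check above is an exact string match, while getRequestURI() returns the path as the client sent it: not decoded by the container and still carrying the context path. The following is an added example, not code from the original post, that reduces the request URI to one canonical, context-relative form before the lookup and treats anything it cannot canonicalize as protected. The class name, the sample paths and the choice of context-relative table keys are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.*;
import java.util.regex.Pattern;

public class CanonicalPathDemo {
    // Constructed sample keys standing in for the protected-URL table (context-relative).
    static final Set<String> PROTECTED =
            new HashSet<String>(Arrays.asList("/admin/users.jsp", "/account/profile.jsp"));
    // Must not survive decoding: leftover escapes, backslash, ';', control characters.
    static final Pattern UNSAFE = Pattern.compile("[%\\\\;\\x00-\\x1f]");

    /** Canonical context-relative path, or null when the URI cannot be trusted. */
    static String canonicalPath(String requestUri, String contextPath) {
        if (requestUri == null || !requestUri.startsWith("/")) return null;
        // Drop path parameters (";jsessionid=...") and collapse repeated slashes.
        String raw = requestUri.replaceAll(";[^/]*", "").replaceAll("/{2,}", "/");
        String decoded;
        try { decoded = new URI(raw).getPath(); }      // percent-decodes exactly once
        catch (URISyntaxException e) { return null; }  // malformed escape, illegal character
        if (decoded == null || UNSAFE.matcher(decoded).find()) return null;
        Deque<String> segments = new ArrayDeque<String>();
        for (String seg : decoded.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (!seg.equals("..")) { segments.addLast(seg); continue; }
            if (segments.isEmpty()) return null;       // ".." would climb above the root
            segments.removeLast();
        }
        String path = "/" + String.join("/", segments);
        if (path.equals(contextPath)) return "/";
        return path.startsWith(contextPath + "/") ? path.substring(contextPath.length()) : null;
    }

    /** Fail closed: a path that cannot be canonicalized is treated as protected. */
    static boolean isProtected(String requestUri, String contextPath) {
        String path = canonicalPath(requestUri, contextPath);
        return path == null || PROTECTED.contains(path);
    }

    public static void main(String[] args) {
        String[] samples = {                           // constructed request URIs
            "/webroot/admin/users.jsp", "/webroot/admin/./users.jsp",
            "/webroot//admin/users.jsp;jsessionid=ABC", "/webroot/admin/%75sers.jsp",
            "/webroot/x/%252e%252e/admin/users.jsp", "/webroot/index.jsp" };
        for (String s : samples) System.out.println(isProtected(s, "/webroot") + "  " + s);
    }
}
```

In the filter, the same canonical path would be passed to URLHelper.isProtected in place of the raw getRequestURI() value, with the table keys stored in the same context-relative form.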