需求描述:
        在網(wǎng)站中有一些網(wǎng)頁是受保護的,即只有規(guī)定的用戶才能訪問,而有一些網(wǎng)頁任何人都可以訪問。所以用戶在IE中輸入URL提交后,服務(wù)器必須對用戶輸入的URL進行分析過慮。
分析:
       需要考慮的問題:
1、 怎么攔截用戶輸入的URL?
2、 怎么判斷輸入的URL是否是受保護的?
3、 在用戶量很大的情況下,每一個URL都要進行判斷,怎樣提高判斷的性能?
方法:
1、 在web.xml中可以定義filter,服務(wù)器會更據(jù)filter的定義進行攔截,以及相應(yīng)的處理。例如下面的配置:
<filter>  
           <filter-name>webfilter</filter-name>
           <filter-class>com.cyberway.web.filter.WebFilter</filter-class>
       </filter>
       <filter-mapping>
           <filter-name>webfilter</filter-name>
           <url-pattern>/*</url-pattern>
   </filter-mapping>
 
filter-name:定義過濾器的名稱
filter-class:定義過濾器處理的類
url-pattern:定義攔截url
/*:表示所有的都攔截
*.jsp:只攔截jsp文件
2、利用數(shù)據(jù)庫把需要保護的URL保存起來,每請求一次,檢測一次。
3、如果每請求一次,都去數(shù)據(jù)庫訪問檢測一次,這樣性能一定會非常差的。網(wǎng)站穩(wěn)定以后受保護的頁面一般更新較少,我們可以第一次請求時,從數(shù)據(jù)庫中獲取所有的受保護頁面,保存在hashtble中,然后每次從hashtable中進行檢測。如果更新了受保護頁面,則需更新hashtable。其實就是一種catch模式。事例代碼如下:
public class URLHelper{
private static URLHelper me;
private HashTable  urlTable;
private Boolean hasInit=false;
 
static{
      me=new URLHelper();
private URLHelper(){
}
public URLHelper getInstance(){
      return me;
}
public Boolean isHasInit{
      return hasInit;
}
public void init(){
      urlTable=new HashTable();
      Collection datas=getAllURLs();
      Iterator it=datas.iterator();
      while(it.hasNext()){
             URLVO vo=(URLVO)it.next();  //URLVO:一個記錄URL信息的實體類
             urlTable.put(vo.URL,vo);
}
}
//根據(jù)URL判斷是否上受保護的
public boolean isProtected(String url) {
    return urlTable.containsKey(url);
}
private Collection getAllURLs(){
      //從數(shù)據(jù)庫中獲取所受保護網(wǎng)頁
}
WebFilter類如下:
public class WebFilter extends HttpServlet implements Filter {
 
    public void doFilter(ServletRequest request, ServletResponse response,
                 FilterChain filterChain) throws ServletException {
        try {
            request.setCharacterEncoding("GBK");
           HttpServletRequest hreq = (HttpServletRequest) request;
            HttpServletResponse hres = (HttpServletResponse) response;
            HttpSession session = hreq.getSession();
            ServletContext context = session.getServletContext();
            String currentURL = hreq.getRequestURI();//返回不帶參數(shù)URL
            /String preURL = hreq.getHeader("referer");//返回上一頁URL
            String urlParam = hreq.getQueryString();//返回當前URL的參數(shù)
            String currentURLpara = null;
            // check if is requesting a protect resource
            if (currentURL != null) {
                 //String contextPath = hreq.getContextPath();//返回 "/webroot"
URLHelper helper=URLHelper.getInstance();
if(helper. isProtected(currentURL)){
    setForward(currentURL)
}else{
    setForward(”error.jsp”);    
}                  
                }
                filterChain.doFilter(request, response);
        }catch (ServletException sx) {
            filterConfig.getServletContext().log(sx.getMessage());
        }catch (IOException iox) {
            filterConfig.getServletContext().log(iox.getMessage());
        }catch (Exception ex) {
            filterConfig.getServletContext().log(ex.getMessage());
        }
//forward一個頁面
private void setForward(String url, ServletRequest request,
                    ServletResponse response) throws Exception {
             HttpServletRequest hreq = (HttpServletRequest) request;
             RequestDispatcher dispatcher =            hreq.getSession().getServletContext()
                          .getRequestDispatcher(url);
             dispatcher.forward(request, response);
      }