1、可以在项目的web.xml中配置过滤器,对请求进行过滤,在过滤器判断请求是否是越过登录直接输入恶意url地址进行访问的,如果是的话进行处理,不是则放行。
2、************web.xml配置************
<filter>
<filter-name>validateLogin</filter-name>
<filter-class>com.test.action.LoginedCheckInterceptorAction</filter-class>
</filter>
3、<filter-mapping>
<filter-name>validateLogin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
*********过滤器类*******************
package com.test.action;
import java.io.IOException;
4、import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* filter过滤访问路径
* @author ***
*
*/
5、public class LoginedCheckInterceptorAction implements Filter {
/**
* filter过滤非法访问
*/
@SuppressWarnings("unused")
private static final long serialVersionUID = 1L;
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
