About the security access. (Rookie)

Category: Java Related
 
dingdingshe
2011-05-14 04:53:51

Sponsored Links
I log in the main interface logon.jsp, set up a user name and password, enter first.jsp interface through validation. A user: user name: 123, password 123, for some reason the user is I deleted. But he was able to gain unauthorized access into first.jsp
his path by remembering first.jsp on the line. Such as: The main interface is www.wang.logon.jsp, first interface is: www.wang.first.jsp, he entered directly www.wang.first.jsp, entered. How to prevent similar problems.

Sponsored Links

jdm1997
2011-05-14 05:01:33
add
When the login after the successful landing
session.setAttribute ("login", "ok");

In the first adding "
if (session.getAttribute (" login ")! =" ok ")
{
System.exit (0);
}
gao104186
2011-05-14 05:05:49
If you are using struts, then (1.1 or later), you can override the RequestProcessor class processPreprocess method
public class YourRequestProcessor
extends RequestProcessor
{
protected boolean processPreprocess (HttpServletRequest request,
; ; HttpServletResponse response)
{
/ / ... Here authentication
}
}

you can also write your own a servlet filter to complete the authentication
public class YourFilter implements Filter
{
public void doFilter (ServletRequest request, ; ServletResponse response,
; FilterChain chain)
throws IOException, ServletException
; {
/ / ... Here authentication
}
}

final analysis, the above two kinds of methods to use session, but compared to the need to log in to access each page, these two methods is a good solution.
lionchen713
2011-05-14 05:08:53
Join session in first.jsp page judgment
but I usually get the session-related values, and then select a database as a condition membership form
yws168
2011-05-14 05:16:46
Support Upstairs I also do so, determine the session is not enough light, only valid for non-login user has landed useless, so also in the member table check once!
pengzhq
2011-05-14 05:25:54
his Session still, has not expired, the server should check the status of the user and Session
flashwww
2011-05-14 05:32:32
if (session.getAttribute ("userName") == null)
{
target = "index.jsp";
}

actionMapping.findForward (target);
Domain and server ip had changed since 8/23/2013. Suspend the user registration and posts for program maintenance.