如何防止在 Grails 中直接访问 *.gsp 页面
谁能建议一个可行的解决方案来阻止直接访问 Grails 上的 *.gsp 页面?
在审查拦截'/**.gsp'之后,我发现不可能使用它,因为它不仅过滤掉直接访问,而且过滤掉从控制器渲染的页面等。
我尝试在 UrlMapping.groovy 中设置以下内容,甚至虽然我可以阻止 *.gsp 直接访问,但我也弄乱了页面的导航;那么所有的链接似乎都会转到主页。
"/**.gsp" {
isEligible = {
System.err.println("ALL PARAMS: " + params)
request.requestURL.toString().endsWith(".gsp")
}
controller = {
if (request.requestURL.toString().endsWith(".gsp")) {
"public"
} else {
"*"
}
}
action = {
if (request.requestURL.toString().endsWith(".gsp")) {
"home"
} else {
"*"
}
}
}
有一次我考虑过像 org.springframework.web.filter.OncePerRequestFilter 这样的设置过滤器,但不太确定如何定义它,因为 Grails 倾向于自行生成 web.xml 过滤器部分。
有什么想法吗?
多谢! 汤姆
Could anyone advise a feasible solution to prevent direct access to *.gsp pages on Grails?
After reviewing intercepting '/**.gsp', I found it is impossible to use that as it not only filters out direct access, but also the pages rendering from controllers, etc.
I tried to setup the following in UrlMapping.groovy, even though I can prevent the *.gsp direct access, but I also make a mess to the navigation of the pages; all the links seem to go to home page then.
"/**.gsp" {
isEligible = {
System.err.println("ALL PARAMS: " + params)
request.requestURL.toString().endsWith(".gsp")
}
controller = {
if (request.requestURL.toString().endsWith(".gsp")) {
"public"
} else {
"*"
}
}
action = {
if (request.requestURL.toString().endsWith(".gsp")) {
"home"
} else {
"*"
}
}
}
Once I thought about setup filter like org.springframework.web.filter.OncePerRequestFilter, but not quite sure how to define it probably as Grails tends to generate the web.xml filters section by itself.
Any thoughts?
Thanks a lot!
tom
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
不幸的是我没有找到 UrlMappings 的解决方案。
这是一个有点难看的解决方案,但如果您在所有页面上使用相同的布局(例如 main.gsp),您可以将此行添加到布局(main.gsp)中。
这样,如果用户尝试直接访问 gsp 页面,他就会被重定向到主页。
也许不是最好的解决方案,但到目前为止对我有用。
欢呼变幻
unfortunately I did not find a solution with UrlMappings.
here is a solution which is little bit ugly but if you use the same layout (for example main.gsp) on all pages you could add this lines to the layout (main.gsp).
this way if the user tries to access the gsp page direct he gets redirected to the home page.
maybe not the best solution but did work for me so far.
cheers shifty
将这些添加到 UrlMappings:
并创建一个 ForbiddenController 和一个带有“永远不要直接访问 GSP 伙计”的 index.gsp。作为其内容。
干杯。
Add these to UrlMappings:
And create a ForbiddenController and an index.gsp with "Never think of accessing GSPs directly dude." as its content.
Cheers.
根据 grails FAQ,UrlMapping.groovy 中的“/**.gsp”配置应该可以工作。
还无法尝试。
您是如何将链接添加到页面的?
当您使用链接标签时,链接是否也会损坏?
according to the grails FAQ the "/**.gsp" configuration in the UrlMapping.groovy should work.
couldn't try it out yet.
How did you add the links to the page ?
Are the links also broken when you use the link tag ?
编写一个将在每个请求上执行的过滤器怎么样?
What about writing a filter that will be executed on each request ?