如何重定向到过滤器中的引荐来源网址?
如何在过滤器中执行重定向到调用该过滤器的 servlet 或 jsp。实际上,我想检查用户是否没有权限查看某些内容,然后,在尝试获取禁止资源时,用户将停留在他尝试获取该资源的页面上。
how can I perform a redirect in filter to the servlet or jsp from which this filter has been called. Actually, I want to check if the user have not permition to see some content, then, while trying to get a forbbiden resourse, the user will stay at the page from where he have tried to get that resource.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在
doFilter()方法,需要对获取到的ServletResponse参数HttpServletResponse然后调用sendRedirect()方法就可以了。请求发起的页面可以通过referer请求头获取(是的,有传说中的拼写错误),可以通过HttpServletRequest#getHeader()转换后它来自ServletRequest论证。请注意,引荐来源网址是客户端控制的值,因此可能会被欺骗甚至删除。您希望对获取的值添加条件检查,当不存在或无效时,重定向到主页或其他地方。
另请参阅:
servlet-filterswiki 页面(您可以通过输入将鼠标悬停在问题下方的标签上方,直到显示弹出框,然后单击弹出框上的信息链接)In the
doFilter()method, you need to cast the obtainedServletResponseargument toHttpServletResponseand then call thesendRedirect()method on it. The page where the request originated can be obtained by therefererrequest header (yes, with the legendaric misspelling) which can be obtained byHttpServletRequest#getHeader()after casting it from theServletRequestargument.Please note that the referrer is a client-controlled value and thus this can be spoofed or even removed. You'd like to add conditional checks on the obtained value and when absent or invalid, redirect to the main page instead or somewhere else.
See also:
servlet-filterswiki page (you can get this page by putting your mouse above the tag below the question until a popbox shows and then click the info link on the popbox)