• Hotlink protection with a servlet filter


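    1. Relative paths kept getting in the way during this exercise, so here is one clarification.

    The path given to forward does not include the context root. For example, for http://localhost:8080/filter/upload/images/no.jpg

    you only need to write (/upload/images/no.jpg).

    In HTML, however, the context root is required: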

    <img src="<%=request.getContextPath()%>/images/ok.jpg" />

        <a href="<%=request.getContextPath()%>/d.jpg">Direct access to d</a>
        <a href="<%=request.getContextPath()%>/images/ok.jpg">Direct access to ok</a>
        <a href="<%=request.getContextPath()%>/upload/images/no.jpg">Direct access to no</a>

    2. Use the Referer header to decide whether the request was issued from our own site:

            String referer = req.getHeader("referer");
            if (referer == null || !referer.contains(req.getServerName())) {
                // not from our own site: forward to the placeholder image
            }

    Source code

    package filter;
    
    import java.io.IOException;
    
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    public class MyFilter implements Filter {
    
        @Override
        public void destroy() {
            // TODO Auto-generated method stub
        }
    
        @Override
        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain chain) throws IOException, ServletException {
            // The parameters are the generic ServletRequest/ServletResponse
            // interfaces, so cast them to the HTTP types.
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
    
            String referer = req.getHeader("referer");
            if (referer == null || !referer.contains(req.getServerName())) {
                // No Referer, or it does not contain our server name:
                // forward to the placeholder image (path has no context root).
                req.getRequestDispatcher("/d.jpg").forward(req, res);
            } else {
                chain.doFilter(request, response);
            }
    
        }
    
        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
            // TODO Auto-generated method stub
        }
    
    }
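
The substring test in `MyFilter` also accepts any Referer that merely contains the server name somewhere, for example inside another host's name or in a query string. The following added example (not part of the original post) compares that test with an exact host match against an allow-list; the class name `RefererCheckDemo`, the allow-list and the sample headers are assumptions constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class RefererCheckDemo {

    // Same test as MyFilter: substring match against the server name.
    static boolean substringCheck(String referer, String serverName) {
        return referer != null && referer.contains(serverName);
    }

    // Stricter variant: parse the Referer and compare its host exactly
    // against a fixed allow-list (assumed configuration, not from the post).
    static boolean hostCheck(String referer, Set<String> allowedHosts) {
        if (referer == null) {
            return false;
        }
        try {
            URI uri = new URI(referer);
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (scheme == null || host == null) {
                return false; // relative or opaque value: treat as foreign
            }
            boolean web = scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https");
            return web && allowedHosts.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false; // malformed header: treat as foreign
        }
    }

    public static void main(String[] args) {
        Set<String> allowed = Set.of("localhost"); // constructed allow-list
        String[] referers = {                      // constructed sample headers
            "http://localhost:8080/filter/show.jsp",
            "http://localhost.other.example/page.html",
            "http://other.example/page.html?from=localhost",
            "not a url",
            null
        };
        for (String r : referers) {
            System.out.printf("%-50s substring=%-5b host=%b%n",
                    r, substringCheck(r, "localhost"), hostCheck(r, allowed));
        }
    }
}
```

Because the Referer header is set by the client, either check deters hotlinking from other pages but does not act as access control for the images.
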
    <%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
    <%
    String path = request.getContextPath();
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
    %>
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
      <head>
        <base href="<%=basePath%>">
        
        <title>My JSP 'show.jsp' starting page</title>
        
        <meta http-equiv="pragma" content="no-cache">
        <meta http-equiv="cache-control" content="no-cache">
        <meta http-equiv="expires" content="0">    
        <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
        <meta http-equiv="description" content="This is my page">
        <!--
        <link rel="stylesheet" type="text/css" href="styles.css">
        -->
        <%
            
            
            
         %>
    
      </head>
      
      <body>
         <p>dsf</p>
        <div class="zj02"><img src="<%=request.getContextPath()%>/images/ok.jpg" /></div> 
        
        <a href="<%=request.getContextPath()%>/d.jpg">Direct access to d</a>
        <a href="<%=request.getContextPath()%>/images/ok.jpg">Direct access to ok</a>
        <a href="<%=request.getContextPath()%>/upload/images/no.jpg">Direct access to no</a>
                                                
      </body>
    </html>

    Simulating direct access

    <!DOCTYPE html>
    <html>
        <head>
            <meta charset="UTF-8">
            <title></title>
        </head>
        <body>
            <a href="http://localhost:8080/filter/d.jpg">Direct access to d</a>
            <a href="http://localhost:8080/filter/images/ok.jpg">Direct access to ok</a>
            <a href="http://localhost:8080/filter/upload/images/no.jpg">Direct access to no</a>
        </body>
    </html>
  • Original article: https://www.cnblogs.com/vhyc/p/6479817.html
Copyright © 2020-2023  润新知