如何处理限制用户对servlet和jsp的访问？

如何处理/限制用户对servlet和jsp的访问？

这可以在中进行处理，

Filter

。

在那里修改代码以解决您的问题（注意方法的添加和使用

needsAuthentication

）：

@WebFilter("/*")public class LoginFilter implements Filter {    @Override    public void init(FilterConfig config)        throws ServletException {        // If you have any <init-param> in web.xml, then you could get them        // here by config.getInitParameter("name") and assign it as field.    }    @Override    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)        throws IOException, ServletException {        HttpServletRequest request = (HttpServletRequest) req;        HttpServletResponse response = (HttpServletResponse) res;        HttpSession session = request.getSession(false);        String requestPath = httpServletRequest.getRequestURI();        if (needsAuthentication(requestPath) || session == null || session.getAttribute("user") == null) { // change "user" for the session attribute you have defined response.sendRedirect(request.getContextPath() + "/login"); // No logged-in user found, so redirect to login page.        } else { chain.doFilter(req, res); // Logged-in user found, so just continue request.        }    }    @Override    public void destroy() {        // If you have assigned any expensive resources as field of        // this Filter class, then you could clean/close them here.    }    //basic validation of pages that do not require authentication    private boolean needsAuthentication(String url) {        String[] validNonAuthenticationUrls = { "Login.jsp", "Register.jsp" };        for(String validUrl : validNonAuthenticationUrls) { if (url.endsWith(validUrl)) {     return false; }        }        return true;    }}

我建议将所有需要身份验证的页面移动到一个文件夹中

app

，然后将网络过滤器更改为

@WebFilter("/app/*")

这样，您可以从过滤器中 删除 该

needsAuthentication

方法。