Preventing users from accessing OA system pages directly by URL
阿新 • Published: 2019-01-30
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
// SystemUser is the project's own user class; import it from its package.

/**
 * @author chenfeng
 * Login interceptor: verifies that the user is logged in
 */
public class LoginInterceptor implements HandlerInterceptor {

    private static Logger logger = LoggerFactory.getLogger(LoginInterceptor.class);

    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest,
                             HttpServletResponse httpServletResponse, Object o) throws Exception {
        logger.info("====================攔截器啟動======================");
        // Record the start time so postHandle can log how long the request took.
        httpServletRequest.setAttribute("starttime", System.currentTimeMillis());
        HttpSession session = httpServletRequest.getSession();
        SystemUser systemUser = (SystemUser) session.getAttribute("loginUser");
        if (systemUser != null) {
            String s = httpServletRequest.getHeader("Referer");
            if (s == null) {
                // Logged in, but no Referer: the URL was opened directly in the browser.
                httpServletRequest.getRequestDispatcher("/login/toLogin")
                        .forward(httpServletRequest, httpServletResponse);
                // Return false so the requested handler does not run after the forward.
                return false;
            } else {
                return true;
            }
        } else {
            // Not logged in: forward to the login page and stop the handler chain.
            httpServletRequest.getRequestDispatcher("/login/toLogin")
                    .forward(httpServletRequest, httpServletResponse);
            return false;
        }
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest,
                           HttpServletResponse httpServletResponse, Object o,
                           ModelAndView modelAndView) throws Exception {
        logger.info("===================執行處理完畢======================");
        long starttime = (long) httpServletRequest.getAttribute("starttime");
        httpServletRequest.removeAttribute("starttime");
        long endtime = System.currentTimeMillis();
        // Pass the URI as a parameter rather than concatenating it into the format string.
        logger.info("=========請求地址:{}:處理時間:{}ms",
                httpServletRequest.getRequestURI(), endtime - starttime);
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest,
                                HttpServletResponse httpServletResponse, Object o,
                                Exception e) throws Exception {
        logger.info("=====================攔截器關閉=========================");
    }
}
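Code first, then the explanation. When a page meant to be shown inside the <iframe> is opened directly in the browser, the Referer request header is empty. When the user reaches it through an internal jump by clicking a button, the Referer holds the address the navigation came from, so it is not empty. Whether this header is empty can therefore be used to tell an internal jump apart from direct access in the browser. The header is supplied by the client, and browsers can omit it under a restrictive Referrer-Policy, so this check only separates the two kinds of navigation for ordinary browser use; the session check on loginUser is what enforces login.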
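An added example, not code from the original post: a stricter form of the non-null test that treats a Referer as internal only when its scheme, host and port match the application's own, so a link from another site no longer counts as an internal jump. The class name, method names and the host oa.example.com are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example (not from the original post); all names here are hypothetical.
public class RefererCheck {

    /** Default port for a scheme when the URI omits it (-1 if unknown). */
    static int effectivePort(String scheme, int port) {
        if (port != -1) return port;
        if ("http".equalsIgnoreCase(scheme)) return 80;
        if ("https".equalsIgnoreCase(scheme)) return 443;
        return -1;
    }

    /**
     * True only when the Referer parses as an absolute URL whose scheme, host and
     * port match the application's own. In the interceptor the last three arguments
     * would come from request.getScheme(), getServerName() and getServerPort().
     */
    static boolean isInternalReferer(String referer, String scheme, String host, int port) {
        if (referer == null || referer.isEmpty()) return false; // typed URL, bookmark, or stripped header
        try {
            URI u = new URI(referer);
            if (u.getScheme() == null || u.getHost() == null) return false; // relative or malformed value
            return u.getScheme().equalsIgnoreCase(scheme)
                    && u.getHost().equalsIgnoreCase(host)
                    && effectivePort(u.getScheme(), u.getPort()) == effectivePort(scheme, port);
        } catch (URISyntaxException e) {
            return false; // an unparseable header is treated as external
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; oa.example.com is a placeholder host.
        String[] samples = {
            null,
            "https://oa.example.com/main/index",
            "https://oa.example.com:443/user/list",
            "https://other.example.net/page",
            "https://oa.example.com.other.example.net/x",
            "not a url"
        };
        for (String r : samples) {
            System.out.println(r + " -> " + isInternalReferer(r, "https", "oa.example.com", 443));
        }
    }
}
```

Inside preHandle, the `s == null` branch would become `!RefererCheck.isInternalReferer(s, request.getScheme(), request.getServerName(), request.getServerPort())`; behind a reverse proxy those three values must reflect the public address for the comparison to hold.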