
urlrewrite: solving the URL exposure security problem in large WEB systems

The URLs of a WEB system that have not been rewritten can leak the directory layout of the project files. To keep the WEB system secure against attackers, we usually rewrite the URLs so that visitors cannot see the real paths, which reduces the opportunity for attack. Below is a simple login example that rewrites http://localhost:8080/urlrewrite/login.do to http://localhost:8080/urlrewrite/mylogin/

1. First, search the CSDN download channel for the file urlrewrite-2.6.0.jar and place it under the project's WEB-INF/lib directory.

2. Configure web.xml



<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> 
  <servlet> 
    <servlet-name>action</servlet-name> 
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class> 
    <init-param> 
      <param-name>config</param-name> 
      <param-value>/WEB-INF/struts-config.xml</param-value> 
    </init-param> 
    <init-param> 
      <param-name>debug</param-name> 
      <param-value>3</param-value> 
    </init-param> 
    <init-param> 
      <param-name>detail</param-name> 
      <param-value>3</param-value> 
    </init-param> 
    <load-on-startup>0</load-on-startup> 
  </servlet> 
  <servlet-mapping> 
    <servlet-name>action</servlet-name> 
    <url-pattern>*.do</url-pattern> 
  </servlet-mapping> 
  <filter> 
        <filter-name>UrlRewriteFilter</filter-name> 
        <filter-class> 
            org.tuckey.web.filters.urlrewrite.UrlRewriteFilter 
        </filter-class> 
        <init-param> 
            <param-name>logLevel</param-name> 
            <param-value>WARN</param-value> 
        </init-param> 
    </filter> 
    <filter-mapping> 
        <filter-name>UrlRewriteFilter</filter-name> 
        <url-pattern>/*</url-pattern> 
        <dispatcher>REQUEST</dispatcher> 
        <dispatcher>FORWARD</dispatcher> 
    </filter-mapping> 
  <welcome-file-list> 
    <welcome-file>login.jsp</welcome-file> 
  </welcome-file-list> 
</web-app> 


3. Write the pages login.jsp, success.jsp and failure.jsp

login.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<html>
  <body>
    <%-- <c:url> prepends the context path and passes the URL through response.encodeURL(),
         which is where the outbound rule in urlrewrite.xml turns /login.do into /mylogin/ --%>
    <form action="<c:url value='/login.do'/>" method="post">
    <center>
    用户名:<input type="text" name="username"/>
    密     码:<input type="password" name="password"/>
    <input type="submit" value="提交"/>
      </center>
    </form>
  </body>
</html>
success.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<html>
  <body>
    success!
  </body>
</html>
failure.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<html>
  <body>
    failure!
  </body>
</html>

4. Write the Action class and its configuration file struts-config.xml (the name referenced by the config init-param in web.xml)

LoginAction.java
package com.zxc.struts.action;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
public class LoginAction extends Action {
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        // Read the two form fields, defaulting to "" when a parameter is absent
        String username = request.getParameter("username") == null ? "" : request.getParameter("username");
        String password = request.getParameter("password") == null ? "" : request.getParameter("password");
        // Demo check only: a fixed username/password pair decides which forward is taken
        if (username.equals("java") && password.equals("java"))
            return mapping.findForward("success");
        else
            return mapping.findForward("failure");
    }
}

struts-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts-config PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 1.3//EN" "http://struts.apache.org/dtds/struts-config_1_3.dtd">
<struts-config>
  <form-beans />
  <global-exceptions />
  <global-forwards />
  <action-mappings >
    <action
      path="/login"
      type="com.zxc.struts.action.LoginAction"
      cancellable="true" >
      <forward name="success" path="/success.jsp"/>
      <forward name="failure" path="/failure.jsp"/>
      </action>
  </action-mappings>
  <message-resources parameter="com.zxc.struts.ApplicationResources" />
</struts-config>


5. Configure the urlrewrite.xml file. Note that it must be placed in the same directory as web.xml (WEB-INF), and that both the inbound (forward) and outbound (reverse) rules have to be configured.

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 2.6//EN"
        "http://tuckey.org/res/dtds/urlrewrite2.6.dtd">
    <!--
        Configuration file for UrlRewriteFilter http://tuckey.org/urlrewrite/
    -->
<urlrewrite>
    <!-- Inbound (forward): a request for /mylogin or /mylogin/ is forwarded to the Struts action -->
    <rule>
        <note>
            Login
        </note>
        <from>^/mylogin[/]?$</from>
        <to>/login.do</to>
    </rule>
    <!-- Outbound (reverse): URLs written through response.encodeURL() show /mylogin/ instead of /login.do -->
    <outbound-rule>
        <note>Login</note>
        <from>/login\.do</from>
        <to>/mylogin/</to>
    </outbound-rule>
</urlrewrite>

6. Result

After entering the username and password, you will see that the browser's address bar now shows http://localhost:8080/urlrewrite/mylogin/
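As an added illustration (not code from the original post and not UrlRewriteFilter's own code), the following Python script models how the two rules in the urlrewrite.xml above are evaluated: the inbound rule is applied to request paths, the outbound rule to URLs emitted through <c:url> / response.encodeURL(). It also includes a small defensive check which shows that a request for the original /login.do path is passed through unchanged, because the rules rewrite URLs but do not block the real one; a path that must stay hidden needs an explicit rule or access control of its own. The regex semantics (Python's re.search standing in for java.util.regex find()), the function names and the sample request paths are assumptions of this example.

```python
import re

# Rules transcribed from the urlrewrite.xml above. UrlRewriteFilter evaluates
# <from> as a java.util.regex pattern with find() semantics; re.search behaves
# the same way for these two patterns. This is a model of the rule semantics,
# not the filter's own implementation.
INBOUND_RULES = [
    # <rule>: rewrite the requested path before it reaches the Struts servlet
    (re.compile(r"^/mylogin[/]?$"), "/login.do"),
]
OUTBOUND_RULES = [
    # <outbound-rule>: rewrite URLs the app emits through response.encodeURL()
    (re.compile(r"/login\.do"), "/mylogin/"),
]


def rewrite_inbound(path):
    """Apply the first matching inbound rule to a context-relative request path.

    Returns (target_path, matched). When no rule matches, the path is passed
    through unchanged, which is what the filter does as well.
    """
    for pattern, target in INBOUND_RULES:
        if pattern.search(path):
            return pattern.sub(target, path), True
    return path, False


def rewrite_outbound(url):
    """Apply the first matching outbound rule to a URL being written into a page."""
    for pattern, target in OUTBOUND_RULES:
        if pattern.search(url):
            return pattern.sub(target, url)
    return url


def encode_url(context_path, value):
    """Model of <c:url value='/login.do'/>: JSTL prepends the context path and
    then calls response.encodeURL(), which the filter hooks for outbound rules."""
    return rewrite_outbound(context_path + value)


def find_unrewritten_do_requests(paths):
    """Defensive check: list request paths that reach a *.do Struts action
    without having gone through an inbound rule. These are the real URLs the
    rewrite is meant to hide, and the rules alone do not block them."""
    exposed = []
    for path in paths:
        target, matched = rewrite_inbound(path)
        if target.endswith(".do") and not matched:
            exposed.append(path)
    return exposed


# Constructed sample request paths (not taken from the original post).
SAMPLE_REQUESTS = [
    "/mylogin",
    "/mylogin/",
    "/mylogin/extra",
    "/login.do",
    "/success.jsp",
]

if __name__ == "__main__":
    for p in SAMPLE_REQUESTS:
        target, matched = rewrite_inbound(p)
        print(f"{p:16} -> {target:16} {'(rewritten)' if matched else ''}")
    print("form action:", encode_url("/urlrewrite", "/login.do"))
    print("still reachable directly:", find_unrewritten_do_requests(SAMPLE_REQUESTS))
```

Running the script shows /mylogin and /mylogin/ being forwarded to /login.do, /mylogin/extra falling through untouched because of the anchored pattern, the form action being rendered as /urlrewrite/mylogin/, and /login.do listed as still reachable directly.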
