jspblog : session, url check filter

2021-01-21 14:36:13 +09:00
parent ed6da3790e
commit cffbd128a6
4 changed files with 34 additions and 3 deletions
--- a/jspblog/src/main/java/com/example/jspblog/config/ForbiddenUrlConfig.java
+++ b/jspblog/src/main/java/com/example/jspblog/config/ForbiddenUrlConfig.java
@@ -0,0 +1,23 @@
+package com.example.jspblog.config;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+public class ForbiddenUrlConfig implements Filter {
+
+    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
+        HttpServletRequest request = (HttpServletRequest) req;
+        HttpServletResponse response = (HttpServletResponse) resp;
+
+        if (request.getRequestURI().equals("/jspblog/") || request.getRequestURI().equals("/jspblog/index.jsp")) {
+            chain.doFilter(request, response);
+        } else {
+            PrintWriter out = response.getWriter();
+            out.print("잘못된 접근입니다.");
+            out.flush();
+        }
+    }
+}
--- a/jspblog/src/main/java/com/example/jspblog/web/UserController.java
+++ b/jspblog/src/main/java/com/example/jspblog/web/UserController.java
@@ -32,7 +32,7 @@ public class UserController extends HttpServlet {

        switch (cmd) {
            case "loginForm":
-                response.sendRedirect("user/loginForm.jsp");
+                request.getRequestDispatcher("user/loginForm.jsp").forward(request, response);
                break;
            case "login": {
                String username = request.getParameter("username");
@@ -50,7 +50,7 @@ public class UserController extends HttpServlet {
                break;
            }
            case "joinForm":
-                response.sendRedirect("user/joinForm.jsp");
+                request.getRequestDispatcher("user/joinForm.jsp").forward(request, response);
                break;
            case "join": {
                String username = request.getParameter("username");
--- a/jspblog/src/main/webapp/WEB-INF/web.xml
+++ b/jspblog/src/main/webapp/WEB-INF/web.xml
@@ -16,9 +16,17 @@
        <filter-name>charConfig</filter-name>
        <filter-class>com.example.jspblog.config.CharConfig</filter-class>
    </filter>
+    <filter>
+        <filter-name>forbiddenUrlConfig</filter-name>
+        <filter-class>com.example.jspblog.config.ForbiddenUrlConfig</filter-class>
+    </filter>

    <filter-mapping>
        <filter-name>charConfig</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
+    <filter-mapping>
+        <filter-name>forbiddenUrlConfig</filter-name>
+        <url-pattern>*.jsp</url-pattern>
+    </filter-mapping>
 </web-app>
--- a/jspblog/src/main/webapp/index.jsp
+++ b/jspblog/src/main/webapp/index.jsp
@@ -1,5 +1,5 @@
 <%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>

 <%
-    response.sendRedirect("board/list.jsp");
+    request.getRequestDispatcher("board/list.jsp").forward(request, response);
 %>