防止用户直接访问url的权限控制

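下面是过滤器 doFilter 方法的内容。需要注意:Referer 请求头由客户端提供,其值可以被任意设置,也可能被浏览器或代理省略,因此这种检查只能阻止普通用户在地址栏直接输入 URL,不能代替基于会话(session)的登录与权限校验。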


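/**
 * Redirects requests that arrive without a Referer header to the application's index
 * page, letting only paths containing {@code index.jsp} or {@code admin/login.jsp}
 * through in that case. Requests carrying any non-empty Referer value are passed down
 * the chain unchanged.
 *
 * <p><b>Security note:</b> the Referer header is supplied by the client. It can hold any
 * value, and some browsers, proxies and privacy settings omit it. This check therefore
 * only discourages casual direct navigation; it is not an authorization control, and
 * protected pages still need a server-side session/role check. Legitimate users whose
 * client suppresses the header are redirected to the index page.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest}
 * @param response the outgoing response; cast to {@code HttpServletResponse}
 * @param chain    the remaining filter chain
 * @throws IOException      if the redirect or the downstream chain fails with an I/O error
 * @throws ServletException if the downstream chain fails
 */
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;

    // The referring page URL; absent or empty when the request carries no Referer
    // (for example when the URL was typed directly into the address bar).
    String referer = req.getHeader("REFERER");
    boolean hasReferer = referer != null && !"".equals(referer);
    if (hasReferer) {
        // Any non-empty value is accepted as-is; its content is not validated.
        chain.doFilter(request, response);
        return;
    }

    // No Referer: only the entry pages may be opened directly.
    String servletPath = req.getServletPath();
    // NOTE(review): these are substring matches, so any path that merely contains
    // "index.jsp" (e.g. an index.jsp in another directory) is exempted as well.
    // Compare against the exact servlet paths if only the two pages are intended.
    boolean isEntryPage = servletPath.contains("index.jsp")
            || servletPath.contains("admin/login.jsp");
    if (isEntryPage) {
        chain.doFilter(request, response);
    } else {
        // Build the target from the deployed context path instead of a hard-coded
        // "/ejuornal" prefix, so the redirect still lands on the index page when the
        // application is deployed under a different context root.
        resp.sendRedirect(req.getContextPath() + "/index.jsp");
    }
}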

配置文件:

<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 2.5 deployment descriptor that registers the FilterPages filter. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
  <display-name></display-name>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <!-- Declares the filter implemented by com.ejuornal.filter.FilterPages. -->
  <filter>
    <filter-name>FilterPages</filter-name>
    <filter-class>com.ejuornal.filter.FilterPages</filter-class>
  </filter>
  <!-- The filter is applied only to URLs matching *.jsp. Servlets, static files and
       any other URL are not routed through it, so they need their own access checks. -->
  <filter-mapping>
    <filter-name>FilterPages</filter-name>
    <url-pattern>*.jsp</url-pattern>  
  </filter-mapping>
</web-app>


转载自shunyang218.iteye.com/blog/1963890