Java web projects: how to prevent reaching the admin backend by typing its URL directly into the browser

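At login, store a value in the session.
On a successful login the session value is success; on failure it is error.
Define a class that implements Filter.
In doFilter, check
whether the session value is null or error.
Then configure the filter in web.xml.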

1. Define a LoginAction; the key code is as follows:
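import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionSupport;

// Admin and AdminService are the project's own classes (their imports are omitted here).
public class AdminLoginAction extends ActionSupport {

	private static final long serialVersionUID = 1L;
	private boolean success;
	private String message;
	private Admin admin;
	private List<Admin> adminList;
	private AdminService adminService = new AdminService();
	// Struts 2 creates a new action instance per request, so these fields are request-scoped.
	private HttpServletRequest request = ServletActionContext.getRequest();
	private HttpSession session = request.getSession();

	// Getters and setters (used by Struts to populate admin and to expose success/message) are omitted.

	@Override
	public String execute() throws Exception {

		adminList = adminService.list();

		// Look for an admin record whose name and password match the submitted credentials.
		for (int i = 0; i < adminList.size(); i++) {
			if (admin.getName().equals(adminList.get(i).getName())
					&& admin.getPassword().equals(
							(String) adminList.get(i).getPassword())) {
				// Mark the session as an authenticated admin; AdminLoginFilter checks this attribute.
				session.setAttribute("Adminlogin", "Right");
				this.success = true;
				return SUCCESS;
			}
		}
		// No match: report the failure through success/message.
		this.success = false;
		this.message = "对不起,未授权的用户不能登录改系统";
		return SUCCESS;
	}
}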

2. Configuration in struts.xml
         
     /front/Welcome.jsp
     /front/Error.jsp
        
3. Write the filter
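import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class AdminLoginFilter implements Filter {

	public void destroy() {
	}

	public void doFilter(ServletRequest arg0, ServletResponse arg1,
			FilterChain arg2) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) arg0;
		HttpSession session = request.getSession();
		if (session.getAttribute("Adminlogin") != null) {
			// The login action set the attribute: let the request through.
			arg2.doFilter(arg0, arg1);
		} else {
			// Not logged in: forward to the error page instead of the admin page.
			// The path is relative to the requested URL.
			request.getRequestDispatcher("../../illegalLoginError.jsp").forward(arg0, arg1);
		}
	}

	public void init(FilterConfig filterConfig) throws ServletException {
	}
}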

4. Configure the filter in web.xml

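<filter>
  <filter-name>AdminLogin</filter-name>
  <filter-class>com.kxw.NewsReleaseSystem.filter.AdminLoginFilter</filter-class>
</filter>

<filter-mapping>
  <filter-name>AdminLogin</filter-name>
  <url-pattern>/admin/superAdmin/*</url-pattern>
</filter-mapping>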
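
A hardened variant of the filter from step 3, as an added example that is not part of the original post: it checks the exact attribute value, does not create sessions for anonymous requests, forwards with a context-relative path, disables caching of admin pages, and replaces the session at login. Assumptions: the class name HardenedAdminLoginFilter and the helper markLoggedIn are hypothetical, the javax.servlet API is used, and illegalLoginError.jsp sits at the context root (where "../../illegalLoginError.jsp" resolves for pages directly under /admin/superAdmin/).

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: hardened variant of AdminLoginFilter (hypothetical class name).
public class HardenedAdminLoginFilter implements Filter {

    // Attribute name and value that AdminLoginAction stores on a successful login.
    static final String ATTR = "Adminlogin";
    static final String EXPECTED = "Right";

    public void init(FilterConfig filterConfig) throws ServletException { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never allocate a session for an anonymous request.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null
                && EXPECTED.equals(session.getAttribute(ATTR));

        if (!loggedIn) {
            // Assumption: the error page sits at the context root. A leading "/"
            // is resolved from the context root, whatever the depth of the request.
            request.getRequestDispatcher("/illegalLoginError.jsp").forward(req, res);
            return;
        }

        // Keep admin pages out of browser and proxy caches after logout.
        response.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, res);
    }

    // Hypothetical helper: call once the credentials have been verified.
    public static void markLoggedIn(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate(); // discard the pre-login session id (session fixation)
        }
        request.getSession(true).setAttribute(ATTR, EXPECTED);
    }
}
```

In AdminLoginAction, a call to markLoggedIn(request) would take the place of session.setAttribute("Adminlogin", "Right"), since the action's session field would otherwise still point at the invalidated session.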


















