怎么防止java流程防绕过

1、可以在项目的web.xml中配置过滤器，对请求进行过滤，在过滤器判断请求是否是越过登录直接输入恶意url地址进行访问的，如果是的话进行处理，不是则放行。

2、************web.xml配置************

<filter>

      <filter-name>validateLogin</filter-name>

      <filter-class>com.test.action.LoginedCheckInterceptorAction</filter-class>

  </filter>

3、<filter-mapping>

      <filter-name>validateLogin</filter-name>

      <url-pattern>/*</url-pattern>

  </filter-mapping>

*********过滤器类*******************

package com.test.action;

import java.io.IOException;

4、import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

/**

 * filter过滤访问路径

 * @author ***

 *

 */

5、public class LoginedCheckInterceptorAction implements Filter {

/**

* filter过滤非法访问

*/

@SuppressWarnings("unused")

private static final long serialVersionUID = 1L;

public void destroy() {

}

public void doFilter(ServletRequest request, ServletResponse response,

            FilterChain chain) throws IOException, ServletException {