项目记录 01 项目里有多个login.html，启动后访问的到底是哪个页面？

匿名上传

发布时间:2025-09-26 13:00:03

项目的webapp下结构是这样的。

启动时访问的url为：http://127.0.0.1/project/login.html

通过分析页面的内容，发现跟webapp/login.html是一致的，所以访问的是webapp/login.html，而不是webapp/WEB-INF/login.html。

然后我又翻阅了servelt3.1的规范文件，找到这么一段话

A special directory exists within the application hierarchy named “WEB-INF”. This directory contains all things related to the application that aren’t in the document root of the application. Most of the WEB-INF node is not part of the public document
tree of the application. Except for static resources and JSPs packaged in the METAINF/resources of a JAR file that resides in the WEB-INF/lib directory, no other files contained in the WEB-INF directory may be served directly to a client by the container. However, the contents of the WEB-INF directory are visible to servlet code using the getResource and getResourceAsStream method calls on the ServletContext, and may be exposed using the RequestDispatcher calls. Hence, if the Application Developer needs access, from servlet code, to application specific configuration information that he does not wish to be exposed directly to the Web client, he may place it under this directory. Since requests are matched to resource mappings in a case-sensitive manner, client requests for ‘/WEB-INF/foo’, ‘/WEbiNf/foo’, for example, should not result in contents of the Web application located under /WEB-INF being returned, nor any form of directory listing thereof.

简单的说就是WEB-INF是一个特殊的目录，大多数WEB-INF节点内容是不允许外部直接访问的。除了在WEB-INF/lib目录中的JAR文件的METAINF/资源中打包的静态资源和jsp之外。然后WEB-INF下内容对servlet是可见的，所以可以通过servlet访问。

也就是说我们不能直接通过下面这个url访问，但可以通过servlet来访问。

http://127.0.0.1/project/WEB-INF/login.html

通过servlet来访问的方法，试着写一个servlet类

public class LoginForwardServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.getRequestDispatcher("/WEB-INF/login.html").forward(request, response);
    }
}

在web.xml中配置servlet和映射

<servlet>
    <servlet-name>LoginForward</servlet-name>
    <servlet-class>LoginForwardServlet</servlet-class>
</servlet>

<servlet-mapping>
    <servlet-name>LoginForward</servlet-name>
    <url-pattern>/login</url-pattern>
</servlet-mapping>

按照上面的配置发现还是不行，会自动跳转到原来的login.html页面。仔细查看web.xml文件发现有这么一段代码

 	<filter>
	    <filter-name>shiroFilter</filter-name>
	    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	    <init-param>
	        <param-name>targetFilterLifecycle</param-name>
	        <param-value>true</param-value>
	    </init-param>
	</filter>
	
	<filter-mapping>
	    <filter-name>shiroFilter</filter-name>
	    <url-pattern>/*</url-pattern>
	</filter-mapping>

原来是在这里面被过滤了。找到对应的配置文件spring-shiro.xml，然后加上这句/loginServlet=anon。

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  

	    <property name="securityManager" ref="securityManager"/>  
	    <property name="loginUrl" value="/login.html"/>  
	    <property name="successUrl" value="/index.html"/> 
	    <property name="unauthorizedUrl" value="/"/>  
	    <property name="filterChainDefinitions">  
	        <value>
			/loginServlet=anon
			/js/**=anon
			/statics/**=anon
	        	/upload/**=anon
	        	/login.html=anon
	        	/sys/login=anon
			/sys/config/info/**=anon
	        	/captcha.jpg=anon
	        	/**=authc
	        </value>
	    </property>
	</bean>