javaWeb 使用jsp标签进行防盗链

/**
* 1.新建类继承SimpleTagSupport
* 新建2个属性, 添加对应的set方法
* 覆盖doTag()方法
*/
import java.io.IOException; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.SkipPageException;
import javax.servlet.jsp.tagext.SimpleTagSupport; public class RefererTag extends SimpleTagSupport {
private String webSite;
private String jumpPage; public void setWebSite(String webSite) {
this.webSite = webSite;
} public void setJumpPage(String jumpPage) {
this.jumpPage = jumpPage;
} @Override
public void doTag() throws JspException, IOException {
PageContext pageContext = (PageContext) this.getJspContext();
HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
HttpServletResponse response = (HttpServletResponse) pageContext.getResponse(); String webRoot = request.getContextPath();
// 得到 referer
String referer = request.getHeader("referer");
if (referer == null || !referer.startsWith(webSite)) { // 是盗链者
if (jumpPage.startsWith(webRoot)) { // "/web/index.jsp"
response.sendRedirect(jumpPage);
} else if (jumpPage.startsWith("/")) { // "/index.jsp"
response.sendRedirect(webRoot + jumpPage);
} else {// "index.jsp"
response.sendRedirect(webRoot + "/" + jumpPage);
}
throw new SkipPageException();// 如果是盗链者,就抛出这个异常
}
}
}
<?xml version="1.0" encoding="UTF-8" ?>
<!-- 文件名 /WEB-INF/referer.tld -->
<taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
version="2.0">
<tlib-version>1.0</tlib-version>
<short-name>anyName</short-name><!-- 这个值可以任意设置 -->
<uri>anyUri</uri><!-- 这个Uri可以任意设置,但是不要与别的 .tld 文件相同 --> <tag>
<name>referer</name>
<tag-class>de.bvb.web.tag.RefererTag</tag-class>
<body-content>empty</body-content> <!-- 不要标签体 -->
<attribute>
<name>webSite</name><!-- 需要添加前面设置的2个属性 -->
<required>true</required><!-- required表示是否必须 -->
<rtexprvalue>true</rtexprvalue><!-- rtexprvalue表示属性的值是否可以使用el表达式 -->
</attribute>
<attribute>
<name>jumpPage</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag> </taglib>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib prefix="referer" uri="/WEB-INF/referer.tld"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!-- 3.设置好标签库以后添加下面这行标签就可以进行防盗链了。
webSite表示不设置防盗链的站点,jumpPage表示发现盗链以后跳转的页面 -->
<referer:referer webSite="http://localhost" jumpPage="index.jsp" /> <html>
<head>
<title>通过jsp标签进行防盗链</title>
</head>
<body>某某某的文章</body></html>
上一篇:基础知识系列☞C#中→委托


下一篇:Java中的属性与字段的区别