一、目录展示
分为AProject和BProject两个项目进行测试
二、修改c:\windows\system32\drivers\etc下的hosts文件
三、aindex.jsp
四、bindex.jsp
五、web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0"> <filter>
<filter-name>imgFilter</filter-name>
<filter-class>com.zn.ImageFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>imgFilter</filter-name>
<url-pattern>/img/*</url-pattern>
</filter-mapping> </web-app>
六、ImageFilter
package com.zn; import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException; public class ImageFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("过滤器启动!");
} @Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("走了吗");
//获取到当前请求的连接地址和上一个发送请求的地址
HttpServletRequest request=(HttpServletRequest)servletRequest;
HttpServletResponse response=(HttpServletResponse)servletResponse; //获取上一个发送请求的连接
String referer=request.getHeader("Referer");
String serverName = request.getServerName();
System.out.println(referer+"\thhhh\t"+serverName); if (referer==null||!referer.contains(serverName)){
request.getRequestDispatcher("/img/ff.png").forward(request,response);
return;
} //放行
filterChain.doFilter(request,response);
} @Override
public void destroy() {
System.out.println("过滤器销毁!");
}
}
七、效果展示
1、访问AProject项目可以访问
2、拦截以后使用b.com的BProject的访问为非法访问