javaWeb 使用jsp标签进行防盗链

/**
 * 1.新建类继承SimpleTagSupport
 *     新建2个属性, 添加对应的set方法
 *     覆盖doTag()方法
 */
import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.SkipPageException;
import javax.servlet.jsp.tagext.SimpleTagSupport;

public class RefererTag extends SimpleTagSupport {
    private String webSite;
    private String jumpPage;

    public void setWebSite(String webSite) {
        this.webSite = webSite;
    }

    public void setJumpPage(String jumpPage) {
        this.jumpPage = jumpPage;
    }

    @Override
    public void doTag() throws JspException, IOException {
        PageContext pageContext = (PageContext) this.getJspContext();
        HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
        HttpServletResponse response = (HttpServletResponse) pageContext.getResponse();

        String webRoot = request.getContextPath();
        // 得到 referer
        String referer = request.getHeader("referer");
        if (referer == null || !referer.startsWith(webSite)) { // 是盗链者
            if (jumpPage.startsWith(webRoot)) { // "/web/index.jsp"
                response.sendRedirect(jumpPage);
            } else if (jumpPage.startsWith("/")) { // "/index.jsp"
                response.sendRedirect(webRoot + jumpPage);
            } else {// "index.jsp"
                response.sendRedirect(webRoot + "/" + jumpPage);
            }
            throw new SkipPageException();// 如果是盗链者,就抛出这个异常
        }
    }
}

 

<?xml version="1.0" encoding="UTF-8" ?>
<!-- 文件名 /WEB-INF/referer.tld -->
<taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
    version="2.0">
    <tlib-version>1.0</tlib-version>
    <short-name>anyName</short-name><!-- 这个值可以任意设置 -->
    <uri>anyUri</uri><!-- 这个Uri可以任意设置,但是不要与别的 .tld 文件相同 -->

    <tag>
        <name>referer</name>
        <tag-class>de.bvb.web.tag.RefererTag</tag-class>
        <body-content>empty</body-content> <!-- 不要标签体 -->
        <attribute>
            <name>webSite</name><!-- 需要添加前面设置的2个属性 -->
            <required>true</required><!-- required表示是否必须 -->
            <rtexprvalue>true</rtexprvalue><!-- rtexprvalue表示属性的值是否可以使用el表达式 -->
        </attribute>
        <attribute>
            <name>jumpPage</name>
            <required>true</required>
            <rtexprvalue>true</rtexprvalue>
        </attribute>
    </tag>

</taglib>

 

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib prefix="referer" uri="/WEB-INF/referer.tld"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<!-- 3.设置好标签库以后添加下面这行标签就可以进行防盗链了。
webSite表示不设置防盗链的站点,jumpPage表示发现盗链以后跳转的页面 -->
<referer:referer webSite="http://localhost" jumpPage="index.jsp" />

<html>
<head>
<title>通过jsp标签进行防盗链</title>
</head>
<body>某某某的文章</body></html>

 

posted @ 2016-10-18 17:25  MarcoReus  阅读(1057)  评论(0编辑  收藏  举报