javaWeb 使用jsp标签进行防盗链
/** * 1.新建类继承SimpleTagSupport * 新建2个属性, 添加对应的set方法 * 覆盖doTag()方法 */ import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.jsp.JspException; import javax.servlet.jsp.PageContext; import javax.servlet.jsp.SkipPageException; import javax.servlet.jsp.tagext.SimpleTagSupport; public class RefererTag extends SimpleTagSupport { private String webSite; private String jumpPage; public void setWebSite(String webSite) { this.webSite = webSite; } public void setJumpPage(String jumpPage) { this.jumpPage = jumpPage; } @Override public void doTag() throws JspException, IOException { PageContext pageContext = (PageContext) this.getJspContext(); HttpServletRequest request = (HttpServletRequest) pageContext.getRequest(); HttpServletResponse response = (HttpServletResponse) pageContext.getResponse(); String webRoot = request.getContextPath(); // 得到 referer String referer = request.getHeader("referer"); if (referer == null || !referer.startsWith(webSite)) { // 是盗链者 if (jumpPage.startsWith(webRoot)) { // "/web/index.jsp" response.sendRedirect(jumpPage); } else if (jumpPage.startsWith("/")) { // "/index.jsp" response.sendRedirect(webRoot + jumpPage); } else {// "index.jsp" response.sendRedirect(webRoot + "/" + jumpPage); } throw new SkipPageException();// 如果是盗链者,就抛出这个异常 } } }
<?xml version="1.0" encoding="UTF-8" ?> <!-- 文件名 /WEB-INF/referer.tld --> <taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" version="2.0"> <tlib-version>1.0</tlib-version> <short-name>anyName</short-name><!-- 这个值可以任意设置 --> <uri>anyUri</uri><!-- 这个Uri可以任意设置,但是不要与别的 .tld 文件相同 --> <tag> <name>referer</name> <tag-class>de.bvb.web.tag.RefererTag</tag-class> <body-content>empty</body-content> <!-- 不要标签体 --> <attribute> <name>webSite</name><!-- 需要添加前面设置的2个属性 --> <required>true</required><!-- required表示是否必须 --> <rtexprvalue>true</rtexprvalue><!-- rtexprvalue表示属性的值是否可以使用el表达式 --> </attribute> <attribute> <name>jumpPage</name> <required>true</required> <rtexprvalue>true</rtexprvalue> </attribute> </tag> </taglib>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <%@taglib prefix="referer" uri="/WEB-INF/referer.tld"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!-- 3.设置好标签库以后添加下面这行标签就可以进行防盗链了。 webSite表示不设置防盗链的站点,jumpPage表示发现盗链以后跳转的页面 --> <referer:referer webSite="http://localhost" jumpPage="index.jsp" /> <html> <head> <title>通过jsp标签进行防盗链</title> </head> <body>某某某的文章</body></html>