JSP网页中防盗链技术

1.防止用户盗链使用网站页面,可以判断Request.setHeader("referer"),链接中referer.startsWith(site) 是否以网站网址开始,否.跳转到网站首页,继续访问.是,直接访问...,控制自定义标签类RefererTag.java

package cn.itcast.web.tag;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.SkipPageException;
import javax.servlet.jsp.tagext.SimpleTagSupport;

public class RefererTag extends SimpleTagSupport {

    private String site;
    private String page;
    public void setSite(String site) {
        this.site = site;
    }
    public void setPage(String page) {
        this.page = page;
    }
      
    @Override
    public void doTag() throws JspException, IOException {
        //看来访问者是从哪个页面来的
        PageContext pageContext = (PageContext)this.getJspContext();
        HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
        String referer = request.getHeader("referer");  //http://www.sina.com/index.html
        
        //判断
        if(referer==null || !referer.startsWith(site)){
            HttpServletResponse response = (HttpServletResponse) pageContext.getResponse();
            String webroot = request.getContextPath();  //day11_example
            if(page.startsWith(webroot)){
                response.sendRedirect(page);
            }else{
                response.sendRedirect(webroot + page);
            }
            //重定向后,控制保护的页面不要执行
            throw new SkipPageException();  
        }
     
    } 
}

2.需要配置tld描述一把 自定义标签

<?xml version="1.0" encoding="UTF-8" ?>

<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
    version="2.0">
    
    <description>A tag library exercising SimpleTag handlers.</description>
    <tlib-version>1.0</tlib-version>
    <short-name>SimpleTagLibrary</short-name>
    <uri>/itcast</uri>
    
    
    <tag>
        <name>referer</name>  <!-- 为标签处理器类配一个标签名 -->
        <tag-class>cn.itcast.web.tag.RefererTag</tag-class>
        <body-content>empty</body-content>
            
        <attribute>
            <name>site</name>
            <required>true</required>
            <rtexprvalue>true</rtexprvalue>
        </attribute>
        
        <attribute>
            <name>page</name>
            <required>true</required>
            <rtexprvalue>true</rtexprvalue>
        </attribute>
        
    </tag>
  
</taglib>

3.在JSP页面中调用 自定义标签 代码,防止用户盗链

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="/itcast" prefix="itcast"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<itcast:referer site="http://localhost:8080/" page="/index.jsp"/>

<html>
  <head>
    <title>防盗链</title>
  </head>
  
  <body>   
    凤姐日记  
  </body>
</html>

 

posted @ 2013-06-20 23:19  亂舞春秋  阅读(1034)  评论(0编辑  收藏  举报