通过编程进行文件下载,可以让你有选择地将文件发送到浏览器。

通过编程发送资源到浏览器

 

1.隐藏资源

 1 package app12a.controller;
 2 
 3 import java.io.BufferedInputStream;
 4 import java.io.File;
 5 import java.io.FileInputStream;
 6 import java.io.IOException;
 7 import java.io.OutputStream;
 8 
 9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11 import javax.servlet.http.HttpSession;
12 
13 import org.apache.commons.logging.Log;
14 import org.apache.commons.logging.LogFactory;
15 import org.springframework.stereotype.Controller;
16 import org.springframework.ui.Model;
17 import org.springframework.web.bind.annotation.ModelAttribute;
18 import org.springframework.web.bind.annotation.RequestMapping;
19 
20 import app12a.domain.Login;
21 
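@Controller
public class ResourceController {

    private static final Log logger = LogFactory.getLog(ResourceController.class);

    /**
     * Handles the login form and marks the session as authenticated on success.
     *
     * @param login   form-backing object bound from the request parameters
     * @param session the caller's HTTP session; receives the {@code loggedIn} flag
     * @param model   receives a fresh, empty {@link Login} for re-rendering the form
     * @return {@code "Main"} when the credentials match, otherwise {@code "LoginForm"}
     */
    @RequestMapping(value="/login")
    public String login(@ModelAttribute Login login, HttpSession session, Model model) {
        // Always hand the view an empty Login so a submitted password is never echoed back.
        model.addAttribute("login", new Login());

        // NOTE(review): demo-only credential check. The user name and password are
        // hard-coded and compared in plain text; a real application should verify
        // against a user store that keeps salted password hashes (bcrypt/scrypt/argon2).
        // NOTE(review): the mapping is not restricted to POST, and the session id is not
        // rotated after a successful login. With an HttpServletRequest available,
        // changeSessionId() (Servlet 3.1) addresses the latter.
        if ("paul".equals(login.getUserName())
                && "secret".equals(login.getPassword())) {
            session.setAttribute("loggedIn", Boolean.TRUE);
            return "Main";
        }
        return "LoginForm";
    }

    /**
     * Streams {@code /WEB-INF/data/secret.pdf} to a logged-in user as an attachment.
     *
     * <p>The file lives under {@code WEB-INF}, so the session check in this method is
     * the only gate in front of it.
     *
     * @param session  the caller's HTTP session, checked for the {@code loggedIn} flag
     * @param request  used to resolve the data directory on disk
     * @param response receives the headers and the file bytes
     * @return {@code "LoginForm"} when the caller is not logged in; {@code null} once
     *         the response has been written (or a 404 status has been set) directly
     */
    @RequestMapping(value="/resource_download")
    public String downloadResource(HttpSession session, HttpServletRequest request,
            HttpServletResponse response) { // 1. take HttpServletResponse as a parameter
        if (session == null || session.getAttribute("loggedIn") == null) {
            return "LoginForm";
        }

        // getRealPath() may return null when the container cannot map the path to disk.
        String dataDirectory = request.getServletContext().getRealPath("/WEB-INF/data");
        if (dataDirectory == null) {
            logger.warn("Data directory /WEB-INF/data is not available on disk");
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return null;
        }

        File file = new File(dataDirectory, "secret.pdf");
        if (!file.isFile()) {
            // Report the missing resource instead of sending an empty 200 response.
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return null;
        }

        // 2. set the response content type to the file's content type
        response.setContentType("application/pdf");
        // 3. add the Content-Disposition header so the browser offers a download
        response.addHeader("Content-Disposition",
                "attachment; filename=secret.pdf");

        byte[] buffer = new byte[1024];
        // try-with-resources closes the file stream on every path.
        try (BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file))) {
            OutputStream os = response.getOutputStream();
            int count;
            while ((count = bis.read(buffer)) != -1) {
                os.write(buffer, 0, count);
            }
        } catch (IOException ex) {
            // Part of the body may already be sent, so the status cannot be changed
            // reliably here; record the failure rather than swallowing it.
            logger.error("Failed to send " + file.getName(), ex);
        }
        return null;
    }

}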

secret.pdf文件放在WEB-INF/data目录下,因此不可能直接访问

只有得到授权才能访问,才能看到它

 

2.

 1 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 2 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 3 <!DOCTYPE HTML>
 4 <html>
 5 <head>
 6 <title>Login</title>
 7 <style type="text/css">@import url("<c:url value="/css/main.css"/>");</style>
 8 </head>
 9 <body>
10 <div id="global">
<%-- Binds to the "login" model attribute and POSTs userName/password to the
     relative "login" URL. NOTE(review): the credentials travel in the request
     body, so this form should only be served over HTTPS. --%>
11 <form:form commandName="login" action="login" method="post">
12     <fieldset>
13         <legend>Login</legend>
14         <p>
15             <label for="userName">User Name: </label>
16             <form:input id="userName" path="userName" cssErrorClass="error"/>
17         </p>
18         <p>
19             <label for="password">Password: </label>
20             <form:password id="password" path="password" cssErrorClass="error"/>
21         </p>
22         <p id="buttons">
23             <input id="reset" type="reset" tabindex="4">
24             <input id="submit" type="submit" tabindex="5" 
25                 value="Login">
26         </p>
27     </fieldset>
28 </form:form>
29 </div>
30 </body>
31 </html>

 

3.

 1 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
 2 <!DOCTYPE HTML>
 3 <html>
 4 <head>
 5 <title>Download Page</title>
 6 <style type="text/css">@import url("<c:url value="/css/main.css"/>");</style>
 7 </head>
 8 <body>
 9 <div id="global">
10     <h4>Please click the link below.</h4>
11     <p>
<%-- Relative link to the resource_download mapping; the handler checks the
     session's loggedIn attribute before it streams the file. --%>
12         <a href="resource_download">Download</a>
13     </p>
14 </div>
15 </body>
16 </html>

 

http://localhost:8080/app12a/login测试

 

2.防止交叉引用

为了防止别的网站通过交叉引用(盗链)窃取你的网站资源,

可以通过编程,使得只有当 Referer 请求头中包含你的域名时才发送资源,

这样就可以防止那种情况发生。需要注意,Referer 由客户端提供,可能缺失或被改写,因此这种检查只能减少盗链,不能代替身份验证。

 1 package app12a.controller;
 2 
 3 import java.io.BufferedInputStream;
 4 import java.io.File;
 5 import java.io.FileInputStream;
 6 import java.io.IOException;
 7 import java.io.OutputStream;
 8 
 9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11 
12 import org.apache.commons.logging.Log;
13 import org.apache.commons.logging.LogFactory;
14 import org.springframework.stereotype.Controller;
15 import org.springframework.web.bind.annotation.PathVariable;
16 import org.springframework.web.bind.annotation.RequestHeader;
17 import org.springframework.web.bind.annotation.RequestMapping;
18 import org.springframework.web.bind.annotation.RequestMethod;
19 
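@Controller
public class ImageController {

    private static final Log logger = LogFactory.getLog(ImageController.class);

    /** Image ids are restricted to plain tokens so they cannot name a path outside the image directory. */
    private static final java.util.regex.Pattern SAFE_ID =
            java.util.regex.Pattern.compile("[A-Za-z0-9_-]+");

    /**
     * Sends {@code /WEB-INF/image/{id}.jpg} when the request was referred by a page
     * on this site.
     *
     * <p>The Referer header is supplied by the client, so this check only discourages
     * hot-linking from other sites; it is not an authentication mechanism.
     *
     * @param id       image identifier taken from the URL path
     * @param request  used to resolve the image directory and this server's host name
     * @param response receives the image bytes, or a 403/404 status
     * @param referer  value of the Referer request header, or {@code null} when absent
     */
    @RequestMapping(value="/image_get/{id}", method = RequestMethod.GET)
    public void getImage(@PathVariable String id,
            HttpServletRequest request,
            HttpServletResponse response,
            @RequestHeader(value = "Referer", required = false) String referer) {
        // The original only tested referer != null, which any non-empty header passes.
        // Compare the referring host with this server's host instead.
        // NOTE(review): behind a reverse proxy getServerName() may not be the public
        // host name; compare against a configured list of allowed hosts in that case.
        if (!isSameSiteReferer(referer, request.getServerName())) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // id comes straight from the URL and is used to build a file name, so accept
        // only a conservative character set before touching the file system.
        if (id == null || !SAFE_ID.matcher(id).matches()) {
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // getRealPath() may return null when the container cannot map the path to disk.
        String imageDirectory = request.getServletContext().getRealPath("/WEB-INF/image");
        if (imageDirectory == null) {
            logger.warn("Image directory /WEB-INF/image is not available on disk");
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        File file = new File(imageDirectory, id + ".jpg");
        if (!file.isFile()) {
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // "image/jpeg" is the registered media type for JPEG ("image/jpg" is not).
        response.setContentType("image/jpeg");
        byte[] buffer = new byte[1024];
        // try-with-resources closes the file stream on every path.
        try (BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file))) {
            OutputStream os = response.getOutputStream();
            int count;
            while ((count = bis.read(buffer)) != -1) {
                os.write(buffer, 0, count);
            }
        } catch (IOException ex) {
            // Part of the body may already be sent; record the failure instead of
            // swallowing it.
            logger.error("Failed to send image " + file.getName(), ex);
        }
    }

    /** Returns true when {@code referer} parses as a URI whose host equals {@code serverName}. */
    private static boolean isSameSiteReferer(String referer, String serverName) {
        if (referer == null || serverName == null) {
            return false;
        }
        try {
            String host = new java.net.URI(referer).getHost();
            return host != null && host.equalsIgnoreCase(serverName);
        } catch (java.net.URISyntaxException ex) {
            // A malformed Referer is treated the same as a foreign one.
            return false;
        }
    }
}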

 

2.

 1 <!DOCTYPE HTML>
 2 <html>
 3 <head>
 4     <title>Photo Gallery</title>
 5 </head>
 6 <body>
<!-- Each <img> requests image_get/{id}. The browser sends this page's URL as the
     Referer header, which is the value the image handler inspects. -->
 7 <img src="image_get/1"/>
 8 <img src="image_get/2"/>
 9 <img src="image_get/3"/>
10 <img src="image_get/4"/>
11 <img src="image_get/5"/>
12 <img src="image_get/6"/>
13 <img src="image_get/7"/>
14 <img src="image_get/8"/>
15 <img src="image_get/9"/>
16 <img src="image_get/10"/>
17 </body>
18 </html>

 
