判断请求是否是同一个域名

// 判断是否同个域名
    public static boolean validate(HttpServletRequest request) {
        String Referer = "";
        boolean referer_sign = true; // true 站内提交,验证通过 //false 站外提交,验证失败
        Enumeration headerValues = request.getHeaders("Referer");
        while (headerValues.hasMoreElements())
            Referer = (String) headerValues.nextElement();
        // 判断是否存在请求页面
        if (Referer == null || Referer.length() < 1)
            referer_sign = false;
        else {
            // 判断请求页面和getRequestURI是否相同
            String servername_str = request.getServerName();
            if (servername_str != null || servername_str.length() > 0) {
                int index = 0;
                if (Referer.indexOf("https://") == 0) {
                    index = 8;
                } else if (Referer.indexOf("http://") == 0) {
                    index = 7;
                }
                if (Referer.length() - index < servername_str.length()) // 长度不够
                    referer_sign = false;
                else { // 比较字符串(主机名称)是否相同
                    String referer_str = Referer.substring(index, index + servername_str.length());
                    if (!servername_str.equalsIgnoreCase(referer_str))
                        referer_sign = false;
                }
            } else
                referer_sign = false;
        }
        return referer_sign;
    }

 

posted @ 2017-10-27 10:30  冬天不眠  阅读(856)  评论(0编辑  收藏  举报