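/**
 * Servlet filter that applies a Referer-based anti-hotlinking check to every
 * request and short-circuits {@code /login} for sessions that already carry an
 * account attribute.
 *
 * <p>NOTE(review): despite its name, this filter passes every request whose URI
 * does not end in {@code /login} straight down the chain. It does not enforce
 * authentication on those requests, so access control has to live elsewhere.
 * Confirm that it does.
 *
 * <p>NOTE(review): the Referer header is client-supplied. The check below is
 * hotlink protection only and must not be relied on as an authentication or
 * CSRF control.
 */
public class HTTPWebAuthFilter implements Filter {

    @Autowired
    private CommonConfig commonConfig;

    // NOTE(review): a single HttpSession field on a shared filter instance is only
    // safe if Spring injects a request-bound proxy here. Confirm the web context
    // is set up so that it does.
    @Autowired
    private HttpSession session;

    /**
     * Lets Spring populate the {@code @Autowired} fields, since the filter is
     * created by the servlet container rather than by the application context.
     *
     * @param filterConfig container-supplied configuration; its servlet context is
     *                     used to locate the Spring web application context
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(
                this, filterConfig.getServletContext());
    }

    /**
     * Applies the Referer check, then the {@code /login} shortcut.
     *
     * <ol>
     *   <li>If a Referer is present and does not contain the configured local
     *       server name, an HTML/JS page redirecting the top window to
     *       {@code <contextPath>/bi/init} is written and the chain is not invoked.</li>
     *   <li>If the URI does not end in {@code /login}, the request continues.</li>
     *   <li>For {@code /login}: with no account attribute in the session, or with
     *       an {@code account} request parameter present, the request continues;
     *       otherwise the session's {@code roleModels} and {@code username} are
     *       copied to the request and it is forwarded to the welcome JSP.</li>
     * </ol>
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response
     * @param chain    remaining filter chain
     * @throws IOException      if writing the response or a downstream component fails
     * @throws ServletException if a downstream component fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        // Anti-hotlinking: reject requests whose Referer names another site.
        // NOTE(review): this is a substring match over the whole header value, so a
        // Referer that merely contains the server name anywhere (path, query, or a
        // longer host name) is accepted, and so is a request with no Referer at all.
        // Comparing the parsed Referer host against the expected host would be
        // stricter. The format returned by getLocalServerName() (bare host, host:port,
        // or with scheme) is not visible here, so the comparison is left unchanged.
        String refer = httpRequest.getHeader("Referer");
        if (!WebTool1.isNull(refer)
                && refer.indexOf(commonConfig.getLocalServerName()) < 0) {
            writeHotlinkRejection(httpRequest, response);
            return;
        }

        // Only /login gets special handling; everything else passes through untouched.
        if (!httpRequest.getRequestURI().endsWith("/login")) {
            chain.doFilter(request, response);
            return;
        }

        // No account attribute in the session: let the login handler run.
        if (WebTool1.isNull(session.getAttribute(commonConfig.getAccHeader()))) {
            chain.doFilter(request, response);
            return;
        }

        // A session account exists, but an explicit "account" parameter was sent:
        // let the login handler process it.
        String[] accounts = httpRequest.getParameterMap().get("account");
        if (!WebTool1.isNull(accounts) && accounts.length > 0) {
            chain.doFilter(request, response);
            return;
        }

        // Session account exists and no new account was submitted: skip the login
        // page and show the welcome view with data taken from the session.
        request.setAttribute("roleModels", session.getAttribute("roleModels"));
        request.setAttribute("username", session.getAttribute("username"));
        request.getRequestDispatcher("/WEB-INF/jsp/welcome.jsp").forward(request, response);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Writes the page returned when the Referer check fails: a JavaScript alert
     * followed by a top-window redirect to {@code <contextPath>/bi/init}.
     *
     * <p>NOTE(review): the alert text tells the user the action is being recorded,
     * but nothing is logged here. If an audit trail is intended, log the rejected
     * Referer and the remote address at this point.
     *
     * @param httpRequest request whose context path forms the redirect target
     * @param response    response to write the page to
     * @throws IOException if the response writer cannot be obtained
     */
    private void writeHotlinkRejection(HttpServletRequest httpRequest,
            ServletResponse response) throws IOException {
        // The container returns the context path without decoding it, so it is
        // escaped before being placed inside a single-quoted script string.
        // Ordinary context paths pass through unchanged.
        String str = "<script language='javascript'>alert('您的违规操作将被中止、记录并保留追溯权利!');"
                + "window.top.location.href='"
                + escapeForJsString(httpRequest.getContextPath()) + "/bi/init"
                + "';</script>";
        response.setContentType("text/html;charset=UTF-8"); // avoids garbled Chinese text
        // try-with-resources closes the writer exactly once. The original closed it
        // twice and swallowed any exception through printStackTrace().
        try (PrintWriter writer = response.getWriter()) {
            writer.write(str);
            writer.flush();
        }
    }

    /**
     * Escapes a value for use inside a quoted JavaScript string literal in an
     * inline {@code <script>} block. Characters outside a small URL-path
     * allow-list are emitted as {@code \\uXXXX}, which the script engine decodes
     * back to the same character, so the resulting string value is unchanged.
     *
     * @param value text to embed; {@code null} is treated as empty
     * @return the escaped text
     */
    private static String escapeForJsString(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean safe = (c >= 'a' && c <= 'z')
                    || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9')
                    || c == '/' || c == '-' || c == '_' || c == '.' || c == '~';
            if (safe) {
                out.append(c);
            } else {
                out.append(String.format("\\u%04x", (int) c));
            }
        }
        return out.toString();
    }
}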