java防止跨域攻击
编程语言
2018-05-11 19:57:45
阅读次数: 1
-
-
-
-
-
-
- @SuppressWarnings("rawtypes")
- publicstatic boolean validateRequest(HttpServletRequest request) {
- String referer = "";
- booleanreferer_sign = true;
- Enumeration headerValues = request.getHeaders("referer");
- while(headerValues.hasMoreElements()) {
- referer = (String) headerValues.nextElement();
- }
-
- if(StringUtils.isBlank(referer)) referer_sign = false;
- else{
-
- String servername_str = request.getServerName();
- if(StringUtils.isNotBlank(servername_str)) {
- intindex = 0;
- if(StringUtils.indexOf(referer, "https://") == 0) {
- index = 8;
- }
- elseif (StringUtils.indexOf(referer, "http://") == 0) {
- index = 7;
- }
- if(referer.length() - index < servername_str.length()) {
- referer_sign = false;
- }
- else{
- String referer_str = referer.substring(index, index + servername_str.length());
- if(!servername_str.equalsIgnoreCase(referer_str)) referer_sign = false;
- }
- }
- elsereferer_sign = false;
- }
- returnreferer_sign;
- }
转载自hongwei3344661.iteye.com/blog/2357080