有的资源你点出后会有广告,广告旁边是资源连接,有些人直接把资源连接发给别人,企图不看广告直接进入链接拿资源,为了防止盗链行为的发生,我们要检测用户访问url的情况来进行一系列措施。
需要实现的功能就是,当用户想要查看"机密文档"的时候,如果是直接输入机密文档的url,而不是广告的url,我们得先让他跳转到广告页面的url,看完广告后就可以让他看“机密文档”了。
模拟过程:用户输入机密文件的url(或者在其他网站),这时候进入Servlet,response的getHeader("referer")方法会得到来访地址,用此判断是否是从index.jsp网页的url来的,如果不是,跳入带广告的index.jsp,如果是就把机密文件的内容加载,然后显示给用户。
原理:
静态页面index.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body>
<a href="/day06/servlet/ResponseDemo6">查看图书</a>
<br/> 看广告<br/>
<a href="/day06/servlet/RequestDemo9">看机密文件</a>
</body>
</html>
RequestDemo9.java:
package cn.edu.Request;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
//防盗链
public class RequestDemo9 extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
//得到来访地址
String referer=request.getHeader("referer");
if(referer==null||!referer.startsWith("http://localhost")){
//此处为盗链的情况,这个时候要让用户去主页(或其他页面,让用户看广告或其它。。。。)
response.sendRedirect("/day06/index.jsp");
return;
}
String data="机密文档";
response.getWriter().write(data);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request,response);
}
}
RequestDemo6.java:
package cn.edu.Request;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class RequestDemo6 extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String data="XXXXXXX";
request.setAttribute("data",data);
request.getRequestDispatcher("/message.jsp").forward(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request,response);
}
}
message.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'message.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
${data}
<%
String data=(String)request.getAttribute("data");
out.write(data);
%>
</body>
</html>