jstl自定义标签防盗链
- *自定义标签的使用主要包括以下三个部分
- 1.tagServlet代码设计
- 2.tld文件配置
- 3.jsp页面引用自定义标签
代码块
tagServlet代码如下:
@requires_authorization
package example;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.SkipPageException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
public class tagFangDaoLian extends SimpleTagSupport{
private String site;
private String page;
public void setSite(String site) {
this.site = site;
}
public void setPage(String page) {
this.page = page;
}
@Override
public void doTag() throws JspException, IOException {
PageContext pc = (PageContext) this.getJspContext();
HttpServletRequest request = (HttpServletRequest) pc.getRequest();
String referer = request.getHeader("referer");
HttpServletResponse response = (HttpServletResponse) pc.getResponse();
System.out.println(request.getContextPath());
if(referer==null||!referer.startsWith(site)){
//做出判断,如果为空或符合盗链链接,准备进入盗链者界面
if(page.startsWith(request.getContextPath())){
response.sendRedirect(page);
}else if(page.startsWith("/")){
response.sendRedirect(request.getContextPath()+page);
}else{
response.sendRedirect(request.getContextPath()+"/"+page);
}
throw new SkipPageException();
}
}
}
tld配置文件代码如下:
@requires_authorization
<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
version="2.0">
<tlib-version>1.0</tlib-version>
<short-name>showlist</short-name>
<uri>/tag</uri>
<tag>
<name>untheft</name>
<tag-class>example.tagFangDaoLian</tag-class>
<body-content>empty</body-content>
<attribute>
<name>site</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>page</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>
jsp页面调用如下:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib prefix="m" uri="/tag" %>**
<m:untheft site="http://localhost" page="untheft.jsp"/>**
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'main.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<h3>选项</h3>
<a href="jsp/save.jsp">添加新员工</a>
<a href="${pageContext.request.contextPath}/servlet/selectPageServlet?pageNum=1">查看所有员工</a>
</body>
</html>
说明:
当用户以http:localhost(即site,可以自己更改属性)为请求头时,标签将执行,自动转入page界面[^footnote].