JAVA代码
package com.umcservice.filter;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
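/**
 * Same-origin check intended to stop cross-site request forgery (CSRF).
 *
 * <p>For each request the interceptor takes the browser-supplied source of the request —
 * the {@code Origin} header, or the {@code Referer} header when {@code Origin} is absent —
 * extracts its host and compares it with the host the request was addressed to
 * ({@link HttpServletRequest#getServerName()}, or a configured allowlist). A request from
 * another host is redirected to {@link #REDIRECT_TARGET} and the handler is not invoked.
 *
 * <p>Compared with the earlier version of this class the check is tightened in three ways:
 * <ul>
 *   <li>The host comparison is an exact, case-insensitive match on the parsed host instead of
 *       {@code String.contains}, so {@code maap.wo.cn.attacker.example} no longer passes for a
 *       server named {@code maap.wo.cn}, and {@code user@host:port@other} authorities are
 *       rejected rather than matched on their middle part.</li>
 *   <li>A request carrying neither header is allowed only for safe methods
 *       (GET/HEAD/OPTIONS/TRACE). State-changing requests without a source are refused,
 *       because an attacking page can suppress the Referer (referrer policy, {@code data:}
 *       documents, HTTPS-to-HTTP downgrade) — previously such requests were let through.
 *       Non-browser clients that POST without these headers must therefore send
 *       {@code Origin} or be exempted with an {@code <mvc:mapping>} on the interceptor.</li>
 *   <li>An explicit allowlist of trusted hosts can be supplied. With the default constructor
 *       the host from the request (i.e. the {@code Host} header) is used, which is only as
 *       trustworthy as the proxy in front of this service.</li>
 * </ul>
 *
 * <p>Rejections are logged (method, path and source host only — never the full Referer,
 * whose query string may carry tokens). Header checks remain a secondary control; a
 * per-session synchronizer token is still the recommended primary CSRF defence.
 */
public class CSRFInterceptor extends HandlerInterceptorAdapter {

    private static final Logger LOG = Logger.getLogger(CSRFInterceptor.class.getName());

    /**
     * Target of the redirect for rejected requests. {@code 0.0.0.0} is not a routable
     * address, so this looks like a deployment placeholder (a commented-out variant pointed
     * at {@code http://maap.wo.cn:8808/index.html}) — confirm before shipping.
     */
    private static final String REDIRECT_TARGET = "http://0.0.0.0:8808/index.html";

    /** Methods that must not change server state and are legitimately reached cross-site (plain links). */
    private static final Set<String> SAFE_METHODS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("GET", "HEAD", "OPTIONS", "TRACE")));

    /**
     * Normalised (lower-case, IPv6 brackets stripped) hosts accepted as same-origin.
     * Empty means "compare against the host each request was addressed to".
     */
    private final Set<String> allowedHosts;

    /** Trusts only the host each request was addressed to (the behaviour of the original class). */
    public CSRFInterceptor() {
        this(Collections.<String>emptySet());
    }

    /**
     * Trusts exactly the given hosts, independent of the request's {@code Host} header.
     *
     * @param allowedHosts host names (bracketed IPv6 literals allowed), compared
     *                     case-insensitively; blank entries are ignored. An empty collection
     *                     falls back to the request's own server name.
     */
    public CSRFInterceptor(Collection<String> allowedHosts) {
        Set<String> normalised = new HashSet<String>();
        for (String host : allowedHosts) {
            String n = normalizeHost(host);
            if (n != null) {
                normalised.add(n);
            }
        }
        this.allowedHosts = Collections.unmodifiableSet(normalised);
    }

    /**
     * Allows the request when its Origin/Referer host is trusted, or when it has no such
     * header and uses a safe method; otherwise redirects to {@link #REDIRECT_TARGET} and
     * returns {@code false} so the handler does not run.
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        // Origin is sent by current browsers on cross-site POSTs and cannot be set by page
        // script; Referer is the fallback for plain navigations and older clients.
        String source = request.getHeader("Origin");
        if (StringUtils.isBlank(source)) {
            source = request.getHeader("Referer");
        }

        if (StringUtils.isBlank(source)) {
            // No browser-supplied provenance (direct navigation, bookmark, referrer suppressed).
            // Reading is harmless; a write with no provenance is exactly what a CSRF looks like.
            if (isSafeMethod(request.getMethod())) {
                return true;
            }
            return reject(request, response, null, "state-changing request without Origin/Referer");
        }

        // null for the literal Origin "null", for unparsable values and for host-less URLs.
        String sourceHost = hostOf(source);
        if (sourceHost != null && isTrustedHost(sourceHost, request.getServerName())) {
            return true;
        }
        return reject(request, response, sourceHost, "source host is not trusted");
    }

    /** True for methods that, per HTTP semantics, must not change server state. */
    static boolean isSafeMethod(String method) {
        return method != null && SAFE_METHODS.contains(method.trim().toUpperCase(Locale.ROOT));
    }

    /**
     * Extracts the normalised host from an Origin/Referer value.
     *
     * @return the lower-cased host without IPv6 brackets, or {@code null} when the value has
     *         no parseable server-based authority — which covers the literal {@code "null"}
     *         Origin of sandboxed/redirected contexts and authorities such as
     *         {@code user@host@other} that {@link URI} refuses to split into a host.
     */
    static String hostOf(String urlValue) {
        try {
            return normalizeHost(new URI(urlValue.trim()).getHost());
        } catch (URISyntaxException e) {
            return null; // unparsable source: caller treats it as cross-origin
        }
    }

    /** Lower-cases a host and strips surrounding IPv6 brackets; null/blank in gives null out. */
    static String normalizeHost(String host) {
        if (host == null) {
            return null;
        }
        String h = host.trim().toLowerCase(Locale.ROOT);
        if (h.length() >= 2 && h.startsWith("[") && h.endsWith("]")) {
            h = h.substring(1, h.length() - 1);
        }
        return h.isEmpty() ? null : h;
    }

    /**
     * Exact match against the configured allowlist, or — when none was configured — against
     * the server name of the current request. Subdomains and parent domains are different
     * origins and do not match.
     */
    boolean isTrustedHost(String sourceHost, String serverName) {
        if (!allowedHosts.isEmpty()) {
            return allowedHosts.contains(sourceHost);
        }
        String own = normalizeHost(serverName);
        return own != null && own.equals(sourceHost);
    }

    /** Records the rejection for detection purposes and sends the redirect; always returns false. */
    private static boolean reject(HttpServletRequest request, HttpServletResponse response,
            String sourceHost, String reason) throws IOException {
        LOG.log(Level.INFO, "CSRF check rejected {0} {1} from source host ''{2}'': {3}",
                new Object[] {request.getMethod(), request.getRequestURI(), sourceHost, reason});
        response.sendRedirect(REDIRECT_TARGET);
        return false;
    }
}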
配置spring-mvc.xml
<!-- Registered as a bare <bean> under <mvc:interceptors>, i.e. without an
     <mvc:interceptor>/<mvc:mapping> wrapper, so Spring applies the CSRF check to every
     handler-mapped request. Wrap it in <mvc:interceptor> with <mvc:mapping>/<mvc:exclude-mapping>
     if some paths (e.g. non-browser API endpoints) must be exempted. -->
<mvc:interceptors>
<bean class="com.umcservice.filter.CSRFInterceptor" />
</mvc:interceptors>