JSP标签案例-开发防盗链标签
盗链是指服务提供商自己不提供服务内容,通过技术手段绕过其他有利益的最终用户界面(如广告),直接在自己的网站上向最终用户提供其他服务提供商的服务内容,片区最终用户的浏览和点击率.受益者不提供资源或是提供很少的资源,而真正的服务提供商却得不到任何的收益.
解决途径:
限制引用页
这种防盗链原理是,服务器获取用户提交信息的网站地址,然后和真正的服务端的地址相比较,如果一致则表明是站内提交,或者为自己信任的站点提交,否则视为盗链.
目标:要开发的标签
<s:referrer site="http://localhost:8080"page="/index.jsp"/>
site:受信任站点,只允许次站点的请求.
page:正确的链接页面,发现盗链后将其自动转入此页面.
步骤
1) 标签处理类
public void doTag() throws JspException, IOException{
PageContext pageContext = (PageContext) this.getJspContext();
HttpServletRequest request =
(HttpServletRequest) pageContext.getRequest();
HttpServletResponse response =
(HttpServletResponse)pageContext.getResponse();
String referer = request.getHeader("referer");
System.out.println(request.getContextPath());
if(referer==null | !referer.startsWith(site)){
//判断是否盗链
//根据page属性值,讲链接重定向指访问被盗链内容的正确页面
StringcontextPath = request.getContextPath();
if(page.startsWith(contextPath)){
response.sendRedirect(page);
}elseif(page.startsWith("/")){
response.sendRedirect(contextPath+ page);
}else{
response.sendRedirect(contextPath+ "/" + page);
}
thrownew SkipPageException();
}
}
2) 描述文件
<?xml version="1.0" encoding="UTF-8"?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
version="2.0">
<description>A tag libraryexercising SimpleTag handlers.</description>
<tlib-version>1.0</tlib-version>
<short-name>sword</short-name>
<uri>http://www.sword.com</uri>
<tag>
<description>referer demo</description>
<name>referer</name>
<tag-class>cn.csdn.web.Tag.RefererTag</tag-class>
<body-content>empty</body-content>
<attribute>
<name>site</name>
<required>true</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
<attribute>
<name>page</name>
<required>true</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
</tag>
</taglib>
3) 在内容页面使用标签
链接页面
<%@ pagelanguage="java" import="java.util.*"pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<html>
<head>
<base href="<%=basePath%>">
</head>
<body>
This is my JSPpage. <br>
<a href="./content.jsp">come on</a>
</body>
</html>
想要跳转到的页面
<%@ pagelanguage="java" import="java.util.*"pageEncoding="UTF-8"%>
<%@ tagliburi="http://www.sword.com" prefix="sword"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<sword:referer site="http://localhost:8080" page="Demo1.jsp"/>
<html>
<head>
<base href="<%=basePath%>">
</head>
<body>
<h1>累了 有木有</h1>
</body>
</html>