前言描述:最近项目里,安全测试组发现通过SQL注入可以轻松登录后台管理系统,于是就加了个CSRF跨站请求伪造功能,防止被恶意登录。
以下是代码部分:
package com.faw.***.common.xss;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CSRFFilter implements Filter {
private FilterConfig filterConfig = null;
@Override
public void destroy() {
this.filterConfig = null;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException