浏览器在向 web 服务器发送一个 http 请求的时候,服务器会把 http 的请求包装成一个 request 对象,在这些请求里面就包括 referer,它的意思是要告诉服务器,该请求来自哪里。比如在一个网页里面插入一个超链接,链接到其他的网页,那么当点击这个超链接从而链接到另外一个页面的时候,相当于浏览器向 web 服务器发送了一个 http 请求,对于另外一个页面而言,这个 referer 就是上一个页面的 URL,而对于从地址栏里面直接输入 URL 或者是刷新网页的方式,则 referer = null,通过设置这个 referer 可以防止盗链的问题
看下面的代码,比如我从浏览器的地址栏里面直接输入地址:http://localhost:8080/Servlet1/MainFrame,然后点击回车键,则会输出:非法入侵
- package com.mx.view;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- public class MainFrame extends HttpServlet {
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- response.setContentType("text/html;charset=utf-8");
- PrintWriter out = response.getWriter();
- String referer=response.getHeader("Referer");
- if(referer==null||!referer.startsWith("http://localhost:8080/Servlet1")){
- response.sendRedirect("/Servlet1/Error");
- }else{
- out.println("合法查看!");
- }
- response.setContentType("text/html;charset=utf-8");
- out.println("<h1>登录界面</h1>");
- }
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- this.doGet(request, response);
- }
- }
- package com.mx.view;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- public class Error extends HttpServlet {
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- response.setContentType("text/html;charset=utf-8");
- PrintWriter out = response.getWriter();
- out.println("非法入侵");
- }
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- this.doGet(request, response);
- }
- }
附 Servlet1 项目目录图: