防盗链:就是用户不访问你的网站其他页面,直接在地址栏中输入他要访问页面的地址直接访问,而防盗链则阻止访问者进行这样访问。
1.开发的标签处理器类
package com.jstl.tag.example;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.SkipPageException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
/*
* 开发防盗链的自定义标签处理器类
* */
public class Referer extends SimpleTagSupport{
//防盗链的网站
private String site;
//防盗链的页面
private String page;
public void setSite(String site) {
this.site = site;
}
public void setPage(String page) {
this.page = page;
}
@Override
public void doTag() throws JspException, IOException {
//获取pageContext对象,通过这个对象获取request和response对象
PageContext context = (PageContext) this.getJspContext();
//获取response和request对象
HttpServletRequest request = (HttpServletRequest) context.getRequest();
HttpServletResponse response = (HttpServletResponse) context.getResponse();
String referer = request.getHeader("referer");
System.out.println(referer);
if(referer == null || !referer.startsWith(site)){
//对page的格式进行判断 1.可能包含了web应用的名称 /JstlTest/1.jsp 2.没有包含,但是以/开头 3.没有/,只有访问的页面
if(page.startsWith(request.getContextPath())){
response.sendRedirect(page);
}else if(page.startsWith("/")){
response.sendRedirect(request.getContextPath()+page);
}else{
response.sendRedirect(request.getContextPath()+"/"+page);
}
//如果是盗链访问,则不再执行后面的jsp页面,抛出异常
throw new SkipPageException();
}else{
super.doTag();
}
}
}
2.在tld文件中进行描述
<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
version="2.0">
<description>A tag library exercising SimpleTag handlers.</description>
<tlib-version>1.0</tlib-version>
<short-name>SimpleTagLibrary</short-name>
<uri>http://www.jstl.tag.example</uri>
<tag>
<description>防盗链标签</description>
<name>referer</name>
<tag-class> com.jstl.tag.example.Referer</tag-class>
<body-content>empty</body-content>
<!-- 对属性进行描述 -->
<attribute>
<name>site</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>page</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>
3.在防盗链的页面使用标签
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="http://www.jstl.tag.example" prefix="example" %>
<example:referer site="http://localhost" page="/index.jsp" />
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'referer.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
这是防盗链页面!
</body>
</html>