1.防盗链简介
防盗链Filter实现这样一种效果,如果其他网站引用本网站的图片资源,将会显示一个错误图片。只有本站内的网页引用时,图片才会正常显示。即在图片显示之前对request进行验证,看客户请求是否来自本网站内,代码如下。
package com.wang.indentity;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet Filter implementation class myFilter
*/
@WebFilter("/myFilter")
public class imageRedirectFilter implements Filter {
/**
* Default constructor.
*/
public imageRedirectFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String referer = req.getHeader("referer");
System.out.println("referer=="+referer);
System.out.println("req.getServerName()=="+req.getServerName());
System.out.println("req.getServerName()=="+(referer == null || !referer.contains(req.getServerName())));
if(referer == null || !referer.contains(req.getServerName())){
req.getRequestDispatcher("/images/error.gif").forward(req, res);
}else{
chain.doFilter(req, res);
}
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Insert title here</title>
</head>
<body>
<a href="images/success.jpg" >正确访问</a>
</body>
</html>
直接在浏览器上输入网址访问会显示错误图片
从jsp访问会显示正确图片