注解方式filter过滤器进行header 简单安全验证以及放过静态资源

于 2019-06-13 12:43:56 发布
阅读量1.8k 收藏 5
点赞数 1
文章标签: filter
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_42714698/article/details/91835672
版权

起因:项目前台代码和后台代码未分离,临时设置一个简单的安全验证,需要对静态资源进行过滤。


import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;

import com.alibaba.druid.util.StringUtils;

@WebFilter(filterName = "loginFilter", value = "/*")
@Component
public class LoginFilter implements Filter {
    private static final String NAME = "x'x'x";  //header名称
    private static final String ERROR = "x'x'x x'x'x";  //错误返回
    private static final String VALUE = "x'x'x"; //header值

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String uri = request.getRequestURI();//取到你访问的资源
        String loginToken = request.getHeader(NAME); //获取到对应名称header 的值
        if (uri.equals("/")) {  //静态资源默认访问路径在/下,所以放过
            filterChain.doFilter(servletRequest, servletResponse);
        }
        if (isStaticResource(uri)) {  //判断是否是静态资源
            filterChain.doFilter(servletRequest, servletResponse);
        }
        if (StringUtils.isEmpty(loginToken)) {  //验证token有没有
            response.sendError(404, ERROR);
            return;
        }
        if (!VALUE.equals(loginToken)) { //验证token是否正确
            response.sendError(404, ERROR);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);  //放过
    }

    @Override
    public void destroy() {

    }

    private Set<String> staticResourceTypes = new HashSet<String>();

    {
        staticResourceTypes.add(".html");
        staticResourceTypes.add(".css");
        staticResourceTypes.add(".js");
        staticResourceTypes.add(".png");
        staticResourceTypes.add(".jpg");
        staticResourceTypes.add(".otf");
        staticResourceTypes.add(".eot");
        staticResourceTypes.add(".svg");
        staticResourceTypes.add(".ttf");
        staticResourceTypes.add(".woff");
        staticResourceTypes.add(".gif");
        staticResourceTypes.add(".ico");
        staticResourceTypes.add(".txt");
        staticResourceTypes.add(".gzip");
        staticResourceTypes.add(".xz");
        staticResourceTypes.add(".tar.gz");
        staticResourceTypes.add(".tar.bz2");
        staticResourceTypes.add(".jar");
        staticResourceTypes.add(".war");
        staticResourceTypes.add(".7z");
        staticResourceTypes.add(".tgz");
        staticResourceTypes.add(".gz");
        staticResourceTypes.add(".map");

    }

    public final boolean isStaticResource(String url) {

        boolean result = false;
        if (org.apache.commons.lang3.StringUtils.isBlank(url)) {
            return result;
        }
        int start = url.lastIndexOf(".");
        if (start < 0) {
            return result;
        }
        String prex = url.substring(start, url.length());
        return staticResourceTypes.contains(prex);
    }
}
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值