07-标签案例-开发防盗链标签
防盗链可以通过URLConnection手动修改referer,是防盗链失效
- 1.jsp
- 定义防盗链site和page属性
<e:referer site="http://localhost" page="index.jsp"/>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@taglib uri="/example" prefix="e" %>
<!DOCTYPE html>
<e:referer site="http://localhost" page="index.jsp"/>
<html>
<head>
<title>Insert title here</title>
</head>
<body>
凤姐。。。。。。。。。。。。。。。。。。。凤姐
</body>
</html>
- RefererTag.java
package cn.itcast.web.tag.example;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.SkipPageException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
public class RefererTag extends SimpleTagSupport {
private String site;
private String page;
public void setSite(String site) {
this.site = site;
}
public void setPage(String page) {
this.page = page;
}
@Override
public void doTag() throws JspException, IOException {
PageContext pageContext = (PageContext) this.getJspContext();
HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
HttpServletResponse response = (HttpServletResponse) pageContext.getResponse();
//1.得到来访者的referer
String referer = request.getHeader("referer");
if(referer == null || !referer.startsWith(site)) {
if(page.startsWith(request.getContextPath())) {
response.sendRedirect(page);
}else if(page.startsWith("/")) {
response.sendRedirect(request.getContextPath()+page);
}else {
response.sendRedirect(request.getContextPath()+"/"+page);
}
throw new SkipPageException();
}
//2.判断来访者的页面是不是防盗链的网站
//
super.doTag();
}
}
- example.tld
<!DOCTYPE taglib
PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN"
"http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
<!-- 标签库描述符 -->
<taglib xmlns="http://java.sun.com/JSP/TagLibraryDescriptor">
<tlib-version>1.0</tlib-version>
<jsp-version>1.2</jsp-version>
<short-name>Simple Tags</short-name>
<uri>/example</uri>
<!-- hello world标签 -->
<tag>
<!-- 标签名 -->
<name>out</name>
<!-- 标签助手类 -->
<tag-class>com.OutTag</tag-class>
<!-- 标签的内容类型:empty表示空标签(使用空标签会报错,不能加入值),jsp表示可以为任何合法的JSP元素 -->
<body-content>JSP</body-content>
<attribute>
<name>value</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<!-- 标签名 -->
<name>referer</name>
<!-- 标签助手类 -->
<tag-class>cn.itcast.web.tag.example.RefererTag</tag-class>
<body-content>scriptless</body-content>
<attribute>
<name>site</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>page</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>
发生盗链,跳转到index.jsp入口页面
- index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<title>Insert title here</title>
</head>
<body>
<a href="/day11/example/1.jsp">凤姐日记</a>
</body>
</html>