防跨域

1、建立CrossDomainFilter.java

package net.hlj.common.filter;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * @项目名：houseInfo
 * @包名：net.hlj.common.filter
 * @文件名：CrossDomainFilter.java
 * @日期：Feb 9, 2012 3:49:24 PM
 * @备注：防跨域
 * @作者：apple
 */
public class CrossDomainFilter implements Filter{

	private static Log log = LogFactory.getLog(CrossDomainFilter.class);

	public void destroy() {
		// TODO Auto-generated method stub
		
	}

	public void doFilter(ServletRequest arg0, ServletResponse arg1,
			FilterChain arg2) throws IOException, ServletException {
		// TODO Auto-generated method stub
		HttpServletRequest request = (HttpServletRequest) arg0;
		HttpServletResponse response = (HttpServletResponse) arg1;
		String servername_str = request.getServerName();//取前一个地址
		String currentURI = request.getRequestURI();
		Enumeration headerValues = request.getHeaders("Referer");
		String tmpHeaderValue = "";
		boolean isValid = true;
		//指定需要跳过拦截的页面地址，如果需要新增，可直接在数组中添加。
		String [] ignoreURIS={"/back/"};
		while (headerValues.hasMoreElements()) {
			// 得到完整的路径：如“http://www.xxx.com/xxx/xxx.jsp?id=xxx”
		    tmpHeaderValue = (String) headerValues.nextElement();
		    }
//		if(log.isInfoEnabled()){
//		    log.info(" 获得的参数url为: " + tmpHeaderValue );
//		    log.info(" 系统取得的url为："+ currentURI);
//		   }

		if ("".equals(tmpHeaderValue)) {
		    isValid = false;
//		    if(log.isInfoEnabled()){
//		     log.info(" 获得的参数url为: empty");
//		     log.info(" 系统取得的url为："+ currentURI);
//		     log.info("系统提示：请求可能来自外域！"); 
//		    }

		   } else {
//		    if(log.isInfoEnabled()){
//		     log.info("获得的参数长度为:"+tmpHeaderValue.length());
//		    }
		    tmpHeaderValue = tmpHeaderValue.toLowerCase();
		    servername_str = servername_str.toLowerCase();

		    int len = 0;
		    if (tmpHeaderValue.startsWith("https://")) {
		     len = 8;
		    } else if (tmpHeaderValue.startsWith("http://")) {
		     len = 7;
		    }

//		    if(log.isInfoEnabled()){
//		     log.info("截取前的字符串为：" + tmpHeaderValue );
//		     log.info( "从第 " + len + " 位开始截取，截取长度为：" + servername_str.length());
//		    }
		    String tmp = tmpHeaderValue.substring(len, servername_str.length() + len);
//		    if(log.isInfoEnabled()){
//		     log.info("截取后的字符串为：" + tmp);
//		    }
		    if (tmp.length() < servername_str.length()) { // 长度不够
		     isValid = false;
//		     if(log.isInfoEnabled()){
//		      log.info("截取后的字符串长度不够,请求可能来自外域！");
//		     }
		    } else if (!tmp.equals(servername_str)) {// 比较字符串（主机名称）是否相同
		     isValid = false;
//		     if(log.isInfoEnabled()){
//		      log.info("域名匹配失败，请求来自外域！");
//		     }
		    }
		   }
		  
		  
		   // 跳过指定需要拦截的页面地址
		   for (String ignoreURI : ignoreURIS) {
		    if(currentURI.contains(ignoreURI)){
		     isValid=true;
//		     if(log.isInfoEnabled()){
//		      log.info("系统已跳过检查以下url："+currentURI);
//		     }
		    }
		   }
		   
		   //如果第一次访问
		   if(tmpHeaderValue.equals("")){
			   isValid=true;
		   }
		   
		   if (!isValid) {
		   
//		    if(log.isInfoEnabled()){
//		     log.info("系统提示信息：URL为跨域请求，即将重定向到首页。 ");
//		    }
//		    response.sendRedirect("/example/exampleIndex.jsp");
			   
			PrintWriter out=response.getWriter();
			out.print("Page Not Found!");
		   } else {
		    arg2.doFilter(arg0, arg1);
		   }


	}

	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub
		
	}

}

 2、web.xml

 	<!-- 防跨域 -->
	<filter>
		<filter-name>CrossDomainFilter</filter-name> 
		<filter-class>net.hlj.common.filter.CrossDomainFilter</filter-class> 
	</filter> 
	<filter-mapping> 
		<filter-name>CrossDomainFilter</filter-name> 
		<url-pattern>*</url-pattern> 
	</filter-mapping>