简单的防盗链过滤器
简单的防盗链过滤器代码,保护cwb目录和dir2目录下的zip文件不被盗链。
一、web.xml文件
<?
xml version="1.0" encoding="ISO-8859-1"
?>
<
web-app
xmlns
="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi
="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation
="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version
="2.4"
>
<
display-name
>
Welcome to Tomcat
</
display-name
>
<
description
>
Welcome to Tomcat
</
description
>
<
filter
>
<
filter-name
>
SecurityFilter
</
filter-name
>
<
filter-class
>
example.SecurityFilter
</
filter-class
>
</
filter
>
<
filter-mapping
>
<
filter-name
>
SecurityFilter
</
filter-name
>
<
url-pattern
>
/dir2/*
</
url-pattern
>
</
filter-mapping
>
<
filter-mapping
>
<
filter-name
>
SecurityFilter
</
filter-name
>
<
url-pattern
>
/cwb/*
</
url-pattern
>
</
filter-mapping
>
<
servlet
>
<
servlet-name
>
log4j-init
</
servlet-name
>
<
servlet-class
>
example.Log4jInit
</
servlet-class
>
<
init-param
>
<
param-name
>
log4j
</
param-name
>
<
param-value
>
WEB-INF/log4j.properties
</
param-value
>
</
init-param
>
<
load-on-startup
>
1
</
load-on-startup
>
</
servlet
>
</
web-app
>
二、过滤器代码
package
example;
import
javax.servlet.Filter;
import
javax.servlet.FilterConfig;
import
javax.servlet.ServletRequest;
import
javax.servlet.ServletResponse;
import
javax.servlet.FilterChain;
import
javax.servlet.ServletException;
import
javax.servlet.http.
*
;
import
java.io.IOException;
import
java.util.Iterator;
import
java.util.Set;
import
java.util.HashSet;
import
org.apache.log4j.
*
;
public
class
SecurityFilter
implements
Filter
{
private static final String JAVA3Z_URL = "http://www.java3z.com/cwbwebhome/index.html";
private static final String K_URL="http://www.xxx.com/index.html";
private Logger logger = Logger.getLogger("this.SecurityFilter");
/**
* Initializes the Filter.
*/
public void init(FilterConfig filterConfig) throws ServletException {
}
/**
* Standard doFilter object.
*/
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
//logger.info("doFilter");
HttpServletRequest req1=(HttpServletRequest)req;
HttpServletResponse res1=(HttpServletResponse)res;
String contextPath = req1.getContextPath();
String requestUri = req1.getRequestURI();
//logger.info("requestUri = " + requestUri);
String referer=req1.getHeader("Referer");
if(referer!=null&&referer.indexOf("www.java3z.com") < 0&&referer.indexOf("www.xxx.com") < 0){
if(requestUri.indexOf("cwb")!=-1){
res1.sendRedirect(JAVA3Z_URL);
}else{
res1.sendRedirect(K_URL);
}
}else{
chain.doFilter(req, res);
}
}
public void destroy() {}
}
一、web.xml文件
<?
xml version="1.0" encoding="ISO-8859-1"
?>
<
web-app
xmlns
="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi
="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation
="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version
="2.4"
>
<
display-name
>
Welcome to Tomcat
</
display-name
>
<
description
>
Welcome to Tomcat
</
description
>
<
filter
>
<
filter-name
>
SecurityFilter
</
filter-name
>
<
filter-class
>
example.SecurityFilter
</
filter-class
>
</
filter
>
<
filter-mapping
>
<
filter-name
>
SecurityFilter
</
filter-name
>
<
url-pattern
>
/dir2/*
</
url-pattern
>
</
filter-mapping
>
<
filter-mapping
>
<
filter-name
>
SecurityFilter
</
filter-name
>
<
url-pattern
>
/cwb/*
</
url-pattern
>
</
filter-mapping
>
<
servlet
>
<
servlet-name
>
log4j-init
</
servlet-name
>
<
servlet-class
>
example.Log4jInit
</
servlet-class
>
<
init-param
>
<
param-name
>
log4j
</
param-name
>
<
param-value
>
WEB-INF/log4j.properties
</
param-value
>
</
init-param
>
<
load-on-startup
>
1
</
load-on-startup
>
</
servlet
>
</
web-app
>
二、过滤器代码
package
example;
import
javax.servlet.Filter;
import
javax.servlet.FilterConfig;
import
javax.servlet.ServletRequest;
import
javax.servlet.ServletResponse;
import
javax.servlet.FilterChain;
import
javax.servlet.ServletException;
import
javax.servlet.http.
*
;
import
java.io.IOException;
import
java.util.Iterator;
import
java.util.Set;
import
java.util.HashSet;
import
org.apache.log4j.
*
;
public
class
SecurityFilter
implements
Filter
{
private static final String JAVA3Z_URL = "http://www.java3z.com/cwbwebhome/index.html"; private static final String K_URL="http://www.xxx.com/index.html"; private Logger logger = Logger.getLogger("this.SecurityFilter"); /**
* Initializes the Filter. */ public void init(FilterConfig filterConfig) throws ServletException { } /** * Standard doFilter object. */ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { //logger.info("doFilter"); HttpServletRequest req1=(HttpServletRequest)req; HttpServletResponse res1=(HttpServletResponse)res; String contextPath = req1.getContextPath(); String requestUri = req1.getRequestURI(); //logger.info("requestUri = " + requestUri); String referer=req1.getHeader("Referer"); if(referer!=null&&referer.indexOf("www.java3z.com") < 0&&referer.indexOf("www.xxx.com") < 0){ if(requestUri.indexOf("cwb")!=-1){ res1.sendRedirect(JAVA3Z_URL); }else{ res1.sendRedirect(K_URL); } }else{ chain.doFilter(req, res); } } public void destroy() {} }