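Using getRequestURL() and getHeader("referer") to prevent a form from being submitted from outside the site

1. request.getRequestURL().toString(); returns the address of the current page, as shown in the browser (IE) address bar.
2. request.getHeader("referer"); returns the address of the page that sent the request.

Then use URL urlOne = new URL(String url); to obtain the server host name of each address, and compare the two.

Normally the two are equal; if they differ, the form was submitted from outside the site.

The code is as follows:

1. The index.jsp file: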

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form name="form1" action="doform.jsp" method="post">
<table align = "center">
<tr>
<td>&nbsp;</td>
</tr>
<tr>
  <td>用户名:</td>
  <td><input type="text" name="name"></td>

</tr>

<tr>
  <td>密码:</td>
  <td><input type="password" name="pass"></td>

</tr>
<tr>
  <td align="center" colspan="2">
   <input type="submit" name="action2" value="提交">
   <input type="reset" name="Submit" value="重置">
   
  
  </td>

</tr>

</table>



</form>
</body>
</html>

2. The checking file: doform.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
    <%@ page import="java.net.*" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%
// Host of the page that sent the request, taken from the Referer header.
String address = request.getHeader("referer");
String pathAdd="";
if(address!=null)
{
	URL urlOne=new URL(address);
	pathAdd = urlOne.getHost();
}

// Host of the page currently being requested (this JSP).
String address1=request.getRequestURL().toString();
String pathAdd1="";
if(address1!=null)
{
	URL urlTwo=new URL(address1);
	pathAdd1=urlTwo.getHost();
}

%>

<table align="center">
  <tr>
   <td>&nbsp;&nbsp;</td>
  
  </tr>
  <tr><td><%-- Shown when the hosts differ: "Submitting the form from outside the site is forbidden!" --%>
    <%if(!pathAdd.equals(pathAdd1)){ %>
    禁止在网站外部提交表单!!
    <%} %>
  
  
  </td></tr>


</table>
</body>
</html>
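
The same comparison as a plain Java helper, added here as an example and not part of the original post: it compares scheme, host and port rather than the host alone, prefers the Origin header when the browser sent one, and treats a missing or unparsable header as an external submission. The class and method names and the example.com / example.net URLs are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

public class SameOriginCheck {
    // Reduce a URL to scheme://host:port; null if absent or unparsable.
    static String originOf(String url) {
        if (url == null || url.isEmpty()) return null;
        try {
            URI u = new URI(url);
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase(Locale.ROOT);
            int port = u.getPort();
            if (port == -1) port = scheme.equals("https") ? 443 : 80;
            return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + port;
        } catch (URISyntaxException e) {
            return null; // malformed header value
        }
    }

    // requestUrl: request.getRequestURL().toString()
    // origin:     request.getHeader("Origin")
    // referer:    request.getHeader("referer")
    static boolean isSameOrigin(String requestUrl, String origin, String referer) {
        String expected = originOf(requestUrl);
        // Prefer Origin when the browser sent it, otherwise fall back to Referer.
        String actual = originOf(origin != null ? origin : referer);
        // Fail closed: a missing or unparsable header counts as external.
        return expected != null && expected.equals(actual);
    }

    public static void main(String[] args) {
        String page = "http://www.example.com/app/doform.jsp"; // constructed sample
        String[][] cases = { // {label, Origin, Referer}; all values constructed
            {"same site", null, "http://www.example.com/app/index.jsp"},
            {"other host", null, "http://other.example.net/post.html"},
            {"same host, other port", "http://www.example.com:8080", null},
            {"no headers", null, null},
            {"malformed Referer", null, "not a url"},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " -> " + (isSameOrigin(page, c[1], c[2]) ? "accept" : "reject"));
        }
    }
}
```

Both headers are supplied by the client, so a check like this supplements a per-session anti-CSRF token in the form rather than replacing one.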

Reposted from blog.csdn.net/c1776167012/article/details/105166081