JSON 劫持（JSON Hijacking）解决方案：基于 Referer / Origin 校验的 Servlet Filter（仅为一层防御，接口本身仍应避免返回可被 &lt;script&gt; 直接执行的 JSON 数组）

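/**
 * Servlet filter that rejects requests whose Referer (or Origin) names a host
 * other than this server, as one layer of defence against JSON hijacking
 * (a third-party page loading a JSON endpoint via {@code <script src=...>}).
 *
 * <p>Decision rules, in order:
 * <ol>
 *   <li>A browser that explicitly reports {@code Sec-Fetch-Site: cross-site} is rejected.</li>
 *   <li>The Referer is used as the claimed source; when it is blank the Origin header is
 *       used instead. A request carrying neither is let through, exactly like the original
 *       behaviour, because a missing Referer cannot be told apart from one stripped by a
 *       referrer policy. This is a known gap of any Referer-based check.</li>
 *   <li>The claimed host must be this server's name (from the Host header), the loopback
 *       names {@code localhost}/{@code 127.0.0.1}, or the local interface address.
 *       A host equal to the <em>client's</em> address says nothing about which page issued
 *       the request, so it is not accepted.</li>
 * </ol>
 *
 * <p>Permitted responses get {@code X-Content-Type-Options: nosniff}, which makes browsers
 * refuse to execute a non-JavaScript content type as a script. The filter does not replace
 * endpoint-level measures (returning an object rather than a bare array, SameSite cookies,
 * CSRF tokens for state-changing calls); treat it as defence in depth only.
 *
 * <p>Headers are client-supplied: a non-browser client can forge all of them, so this filter
 * only protects browser users against cross-site pages.
 */
public class MyFilter implements Filter {

    private static final Logger logger = LoggerFactory.getLogger(MyFilter.class);

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to configure: the accepted hosts are derived from each request.
    }

    /**
     * Rejects cross-site requests with 403, otherwise passes the request down the chain
     * with a {@code nosniff} header added to the response.
     *
     * @throws IOException      from {@link HttpServletResponse#sendError} or the chain
     * @throws ServletException from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        if (!isAllowedSource(req)) {
            // Referer is attacker-controlled; keep it out of any context that trusts log lines.
            logger.warn(" illegal referer: {}", req.getHeader("referer"));
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Set before the chain writes the response so it cannot be committed without it.
        resp.setHeader("X-Content-Type-Options", "nosniff");
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // No resources to release.
    }

    /**
     * Applies the rules described on the class: explicit cross-site fetch metadata, then the
     * host named by Referer (or Origin when Referer is blank) against this server's own names.
     *
     * @return {@code true} when the request may proceed
     */
    private static boolean isAllowedSource(HttpServletRequest req) {
        // Modern browsers state the site relationship directly; an explicit
        // "cross-site" verdict is authoritative regardless of what Referer says.
        if ("cross-site".equalsIgnoreCase(req.getHeader("Sec-Fetch-Site"))) {
            return false;
        }

        String source = req.getHeader("referer");
        if (isBlank(source)) {
            source = req.getHeader("Origin");
        }
        if (isBlank(source)) {
            // Neither header present: indistinguishable from a stripped Referer. Allowed,
            // as in the original behaviour; see the class comment for the trade-off.
            return true;
        }

        String host;
        try {
            host = new URL(source).getHost();
        } catch (MalformedURLException e) {
            // Includes "Origin: null" (opaque origin) and garbage values: treat as hostile.
            logger.debug("unparseable referer/origin rejected: {}", source, e);
            return false;
        }
        if (isBlank(host)) {
            return false;
        }

        // getServerName() is taken from the Host header, which a browser sets to the target
        // of the request, not to the page that issued it.
        return host.equalsIgnoreCase(req.getServerName())
                || "localhost".equalsIgnoreCase(host)
                || "127.0.0.1".equals(host)
                || host.equals(req.getLocalAddr());
    }

    /** Null-safe blank check, so the filter does not depend on a utility library for it. */
    private static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }
}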
