自定义标签防盗链"/>
jstl自定义标签防盗链
jstl自定义标签防盗链
- *自定义标签的使用主要包括以下三个部分
- 1.tagServlet代码设计
- 2.tld文件配置
- 3.jsp页面引用自定义标签
代码块
tagServlet代码如下:
@requires_authorization
package example;import java.io.IOException;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.SkipPageException;
import javax.servlet.jsp.tagext.SimpleTagSupport;public class tagFangDaoLian extends SimpleTagSupport{private String site;private String page;public void setSite(String site) {this.site = site;}public void setPage(String page) {this.page = page;}@Overridepublic void doTag() throws JspException, IOException {PageContext pc = (PageContext) this.getJspContext();HttpServletRequest request = (HttpServletRequest) pc.getRequest();String referer = request.getHeader("referer");HttpServletResponse response = (HttpServletResponse) pc.getResponse();System.out.println(request.getContextPath());if(referer==null||!referer.startsWith(site)){//做出判断,如果为空或符合盗链链接,准备进入盗链者界面if(page.startsWith(request.getContextPath())){response.sendRedirect(page);}else if(page.startsWith("/")){response.sendRedirect(request.getContextPath()+page);}else{response.sendRedirect(request.getContextPath()+"/"+page);}throw new SkipPageException();}}
}
tld配置文件代码如下:
@requires_authorization
<?xml version="1.0" encoding="UTF-8" ?>
<taglib xmlns=""xmlns:xsi=""xsi:schemaLocation=" .xsd"version="2.0"><tlib-version>1.0</tlib-version><short-name>showlist</short-name><uri>/tag</uri><tag><name>untheft</name><tag-class>example.tagFangDaoLian</tag-class><body-content>empty</body-content><attribute><name>site</name><required>true</required><rtexprvalue>true</rtexprvalue></attribute><attribute><name>page</name><required>true</required><rtexprvalue>true</rtexprvalue></attribute>
</tag></taglib>
jsp页面调用如下:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib prefix="m" uri="/tag" %>**<m:untheft site="http://localhost" page="untheft.jsp"/>**
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><base href="<%=basePath%>"><title>My JSP 'main.jsp' starting page</title><meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--<link rel="stylesheet" type="text/css" href="styles.css">--></head><body><h3>选项</h3><a href="jsp/save.jsp">添加新员工</a><a href="${pageContext.request.contextPath}/servlet/selectPageServlet?pageNum=1">查看所有员工</a></body>
</html>说明:
当用户以http:localhost(即site,可以自己更改属性)为请求头时,标签将执行,自动转入page界面[^footnote].
更多推荐
jstl自定义标签防盗链
发布评论