标签存档: 拦截器

Apache设置防盗链

盗链,就是盗用链接:假如我们的网站有很多好看的图片,别人可以查看这些图片的链接,然后直接引用到他自己的网站上。这样用户访问他的网站时,实际消耗的是我们的流量(因为图片仍然是从我们的服务器加载的)。因此我们需要配置防盗链,让服务器拒绝从其他站点页面发起的图片请求。注意:下面的配置依据的是请求头 Referer,而 Referer 由客户端发送,可以被省略或伪造,所以它只能减少被盗用的流量,不能当作访问控制手段。

[root@localhost ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf 
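<VirtualHost *:80>
    DocumentRoot "/data/www"
    ServerName www.test.com
    ErrorLog "logs/test.com_error_log"
    CustomLog "logs/test.com_access_log" combined

    # Hotlink protection: set local_ref only when the Referer host is test.com,
    # abc.com or one of their subdomains. Any other Referer, and a missing
    # Referer, leaves local_ref unset.
    # The host is anchored on both sides so that a Referer such as
    # http://www.test.com.other.example/ or http://other.example/?x=.test.com
    # (constructed examples) does not match.
    # Apache does not accept a comment after a directive on the same line,
    # so comments are kept on lines of their own.
    SetEnvIfNoCase Referer "^https?://([a-z0-9-]+\.)*test\.com(:[0-9]+)?(/|$)" local_ref
    SetEnvIfNoCase Referer "^https?://([a-z0-9-]+\.)*abc\.com(:[0-9]+)?(/|$)" local_ref

    # The Referer header is supplied by the client and can be omitted or forged.
    # This reduces casual hotlinking and bandwidth use; it is not access control.
    # Requests without a Referer (address bar, some privacy settings) are denied
    # as well. Add  SetEnvIf Referer "^$" local_ref  if those should be served.
    <FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
        # Deny,Allow evaluates Deny first and lets a matching Allow override it.
        # With "Order Allow,Deny", "Deny from all" is evaluated last and rejects
        # every request, including those that have local_ref set.
        Order Deny,Allow
        Deny from all
        Allow from env=local_ref
    </FilesMatch>
</VirtualHost>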

SpringMVC拦截器Filter完整功能实例

建立一个完整功能的Filter:

 package com.tom.web.filter;
 
 import com.tom.util.BaseUtil;
 import com.tom.util.CacheHelper;
 import com.tom.util.Constants;
 import java.io.IOException;
 import java.io.PrintWriter;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
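 /**
  * Servlet filter that gates requests on the login state kept in the HTTP session.
  *
  * <p>A request is passed down the chain when the session's user id has a
  * matching session id in the {@code "SessionCache"} cache, or when the request
  * is anonymous and its URI is listed in the {@code permitUrls} init parameter.
  * Every other request gets a small script page that sends the top window to
  * the login page or to the "expired" page.
  *
  * <p>NOTE(review): the cache lookup keyed by user id looks like a
  * one-active-session-per-user check; confirm against the code that fills
  * {@code SessionCache}.
  */
 public class TomFilter
   implements Filter
 {
   /** checkLoginStatus result: cached session id equals the session's id. */
   private static final int LOGIN_OK = 1;

   /** checkLoginStatus result: no session id is cached for the user. */
   private static final int LOGIN_MISSING = 0;

   /** checkLoginStatus result: a different session id is cached for the user. */
   private static final int LOGIN_REPLACED = -1;

   /**
    * URIs, relative to the context path, that anonymous requests may reach.
    * Stays null when the init parameter is absent or empty.
    */
   private String[] permitUrls = null;

   /**
    * Reads the semicolon-separated {@code permitUrls} init parameter.
    *
    * <p>Each entry is trimmed and blank entries are dropped. Entries are later
    * compared with {@code String.equals}, so a value that is wrapped across
    * lines in web.xml would otherwise keep its line break and indentation and
    * never match any request URI.
    *
    * @param config filter configuration supplied by the container
    */
   @Override
   public void init(FilterConfig config) throws ServletException
   {
     String configured = config.getInitParameter("permitUrls");
     if (!BaseUtil.isNotEmpty(configured)) {
       return;
     }

     String[] parts = configured.split(";");
     int kept = 0;
     for (int i = 0; i < parts.length; i++) {
       String entry = parts[i].trim();
       if (entry.length() > 0) {
         // kept <= i, so compacting in place never overwrites an unread entry.
         parts[kept++] = entry;
       }
     }
     String[] cleaned = new String[kept];
     System.arraycopy(parts, 0, cleaned, 0, kept);
     this.permitUrls = cleaned;
   }

   /**
    * Applies the login check to one request.
    *
    * <ul>
    *   <li>No user id in the session: continue only for a permitted URI,
    *       otherwise send the browser to the login page.</li>
    *   <li>User id present and the cached session id matches: continue.</li>
    *   <li>User id present but nothing is cached: clear the login attributes
    *       and send the browser to the login page.</li>
    *   <li>User id present but a different session id is cached: clear the
    *       login attributes and send the browser to the expired page.</li>
    * </ul>
    *
    * @throws IOException if writing the redirect page fails or the chain throws it
    * @throws ServletException if the rest of the chain throws it
    */
   @Override
   public void doFilter(ServletRequest request, ServletResponse response,
       FilterChain chain)
     throws IOException, ServletException
   {
     HttpServletRequest req = (HttpServletRequest)request;
     HttpServletResponse res = (HttpServletResponse)response;
     // getSession() creates a session when the request has none.
     HttpSession session = req.getSession();
     req.setAttribute("tm_base", Constants.getSiteBaseUrl(req));

     String uid = sessionString(session, Constants.SESSION_USERID);
     String sessionid = sessionString(session, Constants.SESSION_SESSID);

     if (uid == null || BaseUtil.isEmpty(uid)) {
       // Anonymous request: only the configured URIs are reachable.
       if (isPermitUrl(req)) {
         chain.doFilter(req, res);
       } else {
         toLoginPage(req, res);
       }
       return;
     }

     int checkcode = checkLoginStatus(uid, sessionid);
     if (checkcode == LOGIN_OK) {
       chain.doFilter(req, res);
       return;
     }

     // The session's login is no longer backed by the cache: drop it before
     // answering, so a later request on this session is treated as anonymous.
     clearLoginAttributes(session);
     if (checkcode == LOGIN_MISSING) {
       toLoginPage(req, res);
     } else {
       toStatusExpiredPage(req, res);
     }
   }

   /** Drops the configured URI list. */
   @Override
   public void destroy()
   {
     permitUrls = null;
   }

   /**
    * Returns a session attribute as a string, or null when it is not set.
    *
    * <p>{@code String.valueOf(Object)} turns a missing attribute into the
    * four-character text "null"; returning a real null keeps "not logged in"
    * independent of how {@code BaseUtil.isEmpty} treats that text.
    */
   private String sessionString(HttpSession session, String name)
   {
     Object value = session.getAttribute(name);
     return value == null ? null : String.valueOf(value);
   }

   /**
    * Removes the five login attributes from the session.
    *
    * <p>NOTE(review): everything else stored in the session survives. If no
    * per-user state is meant to outlive a forced logout,
    * {@code session.invalidate()} would drop the whole session; confirm
    * against the login flow before changing it.
    */
   private void clearLoginAttributes(HttpSession session)
   {
     // setAttribute(name, null) has the same effect as removeAttribute(name).
     session.setAttribute(Constants.SESSION_USERID, null);
     session.setAttribute(Constants.SESSION_USERNAME, null);
     session.setAttribute(Constants.SESSION_USERTYPE, null);
     session.setAttribute(Constants.SESSION_USERGID, null);
     session.setAttribute(Constants.SESSION_SESSID, null);
   }

   /**
    * Compares the session id held in the session with the one cached for the user.
    *
    * @param uid user id taken from the session
    * @param sessionid session id taken from the session, may be null
    * @return 1 when the cached id equals {@code sessionid}, 0 when nothing is
    *         cached under {@code "U" + uid}, -1 when a different id is cached
    */
   private int checkLoginStatus(String uid, String sessionid)
   {
     String cachedSessionId = (String)CacheHelper.getCache(
         "SessionCache", "U" + uid);

     if (BaseUtil.isEmpty(cachedSessionId)) {
       return LOGIN_MISSING;
     }
     // equals(null) is false, so a session without a stored id never matches.
     return cachedSessionId.equals(sessionid) ? LOGIN_OK : LOGIN_REPLACED;
   }

   /** Sends the top window to the "expired" page. */
   private void toStatusExpiredPage(HttpServletRequest request,
       HttpServletResponse response)
     throws IOException
   {
     writeTopRedirect(request, response, "/common/expired.thtml");
   }

   /** Sends the top window to the login page. */
   private void toLoginPage(HttpServletRequest request, HttpServletResponse
       response)
     throws IOException
   {
     writeTopRedirect(request, response, "/login.thtml");
   }

   /**
    * Writes a one-line HTML page whose script navigates {@code top} to
    * {@code target} under the context path, so a page shown inside a frame
    * moves the whole window rather than only the frame.
    *
    * <p>A failure to obtain the writer is propagated to the caller; there is
    * no writer to fall back on, and continuing would fail with a
    * NullPointerException on the first write.
    *
    * <p>NOTE(review): the context path is concatenated into a script string
    * without escaping. It comes from {@code getContextPath()}, which is
    * normally fixed by the deployment; confirm that it cannot carry a quote.
    *
    * @param target path below the context path, starting with "/"
    * @throws IOException if the response writer cannot be obtained
    */
   private void writeTopRedirect(HttpServletRequest request,
       HttpServletResponse response, String target)
     throws IOException
   {
     String html = "<script>top.location.href='" + request.getContextPath()
         + target + "';</script>";
     response.setContentType("text/html");
     response.setCharacterEncoding("UTF-8");
     PrintWriter out = response.getWriter();
     out.println(html);
     out.flush();
     out.close();
   }

   /**
    * Tells whether the request URI, relative to the context path, is one of
    * the configured permitted URIs. The comparison is exact and case-sensitive.
    */
   private boolean isPermitUrl(HttpServletRequest request) {
     if (permitUrls == null || permitUrls.length == 0) {
       return false;
     }
     String currentUrl = getCurrentURI(request);
     for (String url : permitUrls) {
       if (url.equals(currentUrl)) {
         return true;
       }
     }
     return false;
   }

   /**
    * Returns the request URI with the context path removed.
    *
    * <p>{@code getRequestURI()} is not URL-decoded by the container and can
    * carry path parameters such as {@code ;jsessionid=...}. Such forms do not
    * equal any permitted entry, so they are treated as not permitted.
    */
   private String getCurrentURI(HttpServletRequest request) {
     String contextPath = request.getContextPath();
     return request.getRequestURI().substring(contextPath.length());
   }
 }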
/* 
 * Qualified Name:     com.tom.web.filter.TomFilter
 * Java Class Version: 6 (50.0)
 * JD-Core Version:    0.7.1
 */

配置web.xml:

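	<filter>
		<filter-name>encodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
		<init-param>
			<param-name>forceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>encodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter>
		<filter-name>TomFilter</filter-name>
		<filter-class>com.tom.web.filter.TomFilter</filter-class>
		<init-param>
			<param-name>permitUrls</param-name>
			<!-- Keep the value on one line with no spaces: TomFilter splits it on ";"
			     and compares each entry with String.equals against the request URI
			     (context path removed). A line break or indentation inside the value
			     becomes part of an entry, and that entry then never matches. -->
			<param-value>/login.thtml;/common/login.do;/common/logout.do;/inc/checkcode.jsp;/common/expired.thtml;/register.thtml;/common/register.do</param-value>
		</init-param>
	</filter>
	<!-- TomFilter is mapped only to *.thtml and *.do. Requests for anything else
	     (JSP files such as /inc/checkcode.jsp, static files) do not pass through
	     it, so the login check does not apply to them. Resources that need a
	     login must be reachable only through a mapped pattern, or be covered
	     by an additional mapping. -->
	<filter-mapping>
		<filter-name>TomFilter</filter-name>
		<url-pattern>*.thtml</url-pattern>
	</filter-mapping>
	<filter-mapping>
		<filter-name>TomFilter</filter-name>
		<url-pattern>*.do</url-pattern>
	</filter-mapping>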

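注意区分:

javax.servlet.Filter; —— Servlet 规范定义的过滤器接口,上面的 TomFilter 实现的就是它。

org.springframework.web.filter.*; —— Spring 提供的 Filter 实现,例如上面配置的 CharacterEncodingFilter。两者都是 Servlet 过滤器,而不是 Spring MVC 的 HandlerInterceptor(拦截器)。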