请求过滤与拦截验证


拦截工具（注意：下面实现的是 Spring MVC 的 HandlerInterceptor，而不是 Servlet Filter，只对 mvc:mapping 命中的路径生效）

package com.*.utils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler;

import com.*.utils.redisUtil;

/**
 * 请求拦截或登陆验证
 * @author 闵渭凯 2018年5月10日
 */
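public class CSRFHandlerInterceptor extends HandlerInterceptorAdapter {

	/** Request header that may carry the token instead of the {@code token} parameter. */
	private static final String TOKEN_HEADER = "X-CSRF-TOKEN";
	/** Request parameter the original implementation reads the token from. */
	private static final String TOKEN_PARAM = "token";

	/**
	 * Refuses any GET or POST request that does not carry a token accepted by
	 * {@link redisUtil#vdtToken(String)}; static-resource requests are let through and
	 * every other HTTP verb is refused outright (fail closed).
	 *
	 * The token is taken from the {@code X-CSRF-TOKEN} header first and only then from the
	 * {@code token} parameter, so clients can keep it out of the URL.
	 *
	 * NOTE(review): redisUtil.vdtToken only checks that the token was issued at some point;
	 * it is not bound to the caller's session, so a token obtained by one user passes for any
	 * other user. Validating GET also means the token ends up in query strings (server logs,
	 * Referer headers). Both are properties of the surrounding design, not fixed here.
	 *
	 * @param request  the incoming request
	 * @param response used to send 403 when the request is rejected
	 * @param handler  the handler Spring resolved for this request
	 * @return true to continue the handler chain, false after a 403 has been sent
	 * @throws Exception propagated from {@code sendError} or the Redis lookup
	 */
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {

		// Static resources served by the default servlet carry no token and change no state.
		if (handler instanceof DefaultServletHttpRequestHandler) {
			return true;
		}

		String method = request.getMethod();
		if (!"GET".equalsIgnoreCase(method) && !"POST".equalsIgnoreCase(method)) {
			// Other verbs were already refused; now the client is told why instead of
			// receiving an empty response.
			response.sendError(HttpServletResponse.SC_FORBIDDEN, "您当前属于非法操作!");
			return false;
		}

		String token = request.getHeader(TOKEN_HEADER);
		if (token == null || token.isEmpty()) {
			token = request.getParameter(TOKEN_PARAM);
		}

		// A missing token is rejected without a round-trip to Redis.
		if (token != null && !token.isEmpty() && redisUtil.vdtToken(token)) {
			return true;
		}
		response.sendError(HttpServletResponse.SC_FORBIDDEN, "您当前属于非法操作!");
		return false;
	}
}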

Spring MVC 中的配置（只有 mvc:mapping 列出的路径会经过 token 校验，这里仅 /employ/interviewInfo 一个路径受保护，其余路径不做校验）

<!-- Interceptor registration: only paths listed in mvc:mapping are passed to the interceptor -->
	<mvc:interceptors>
		<!-- Interceptor that rejects requests lacking a valid CSRF token (CSRFHandlerInterceptor) -->
		<mvc:interceptor>
			<!-- Paths to intercept; note that only this one endpoint is protected -->
			<!-- <mvc:mapping path="/employ/test" /> -->
			<mvc:mapping path="/employ/interviewInfo" />
			<!-- Paths excluded from interception (static resources) -->
			<mvc:exclude-mapping path="/resources/**" />
			<bean id="CSRFHandlerInterceptor" class="com.*.utils.CSRFHandlerInterceptor"></bean>
		</mvc:interceptor>
	</mvc:interceptors>

redisUtil（也可以改用 cookie、session 或请求头来校验）。注意下面这份实现把所有已发放的 token 存在同一个全局列表里，既不与用户会话绑定也不会过期：拿到任意一个有效 token 的人都能通过校验，真正的 CSRF token 必须与当前用户的会话绑定并设置有效期。

package com.*.utils;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import redis.clients.jedis.Jedis;

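/**
 * Stores issued tokens in Redis and checks whether a presented token was issued.
 *
 * All tokens live under one key as a single comma-separated string: saveToken only ever
 * appends, nothing sets an expiry, and vdtToken takes no session or user argument. The
 * list is therefore global and grows forever, and any token ever issued passes validation
 * for any caller. That is a design limitation of this utility, documented here so callers
 * do not mistake it for a session-bound CSRF token.
 */
public class redisUtil {

	/** Redis key holding every issued token as one comma-separated string. */
	private static final String TOKEN_KEY = "token";
	/** Separator inside the stored value; a token containing it would corrupt the list. */
	private static final String SEPARATOR = ",";

	/**
	 * Opens a new connection to the Redis instance on localhost.
	 * Every call creates a fresh connection; the caller must close it
	 * (Jedis is Closeable, so use try-with-resources).
	 */
	public static Jedis getJedis(){
		return new Jedis("localhost");
	}

	/**
	 * Appends {@code token} to the global token list.
	 *
	 * @param token the token to record; blank tokens and tokens containing the separator
	 *              are refused, since a blank entry would later validate an empty
	 *              submission and a "," would split into two bogus entries
	 * @return true when the token was stored, false when it was refused or Redis failed
	 */
	public static boolean saveToken(String token){
		if (isBlank(token) || token.contains(SEPARATOR)) {
			return false;
		}
		// One connection for the whole operation, always closed (the original opened a new
		// connection per call and closed only a final, unused one).
		try (Jedis jedis = getJedis()) {
			// SETNX and APPEND are each atomic on the server, so two concurrent writers no
			// longer overwrite each other's token the way a get-then-set did.
			if (jedis.setnx(TOKEN_KEY, token) == 0L) {
				jedis.append(TOKEN_KEY, SEPARATOR + token);
			}
		} catch (Exception e) {
			e.printStackTrace();
			return false;
		}
		return true;
	}

	/**
	 * Checks whether {@code token} is in the global token list.
	 *
	 * @param token the presented token; null or blank is never valid
	 * @return true when the token matches an issued one
	 * @throws RuntimeException from Jedis when Redis is unreachable (the caller then fails closed)
	 */
	public static boolean vdtToken(String token){
		if (isBlank(token)) {
			return false;
		}
		String stored;
		try (Jedis jedis = getJedis()) {
			stored = jedis.get(TOKEN_KEY);
		}
		if (isBlank(stored)) {
			return false;
		}
		byte[] candidate = token.getBytes(StandardCharsets.UTF_8);
		for (String issued : stored.split(SEPARATOR)) {
			// Constant-time comparison so response timing does not reveal how much of a
			// guessed token matched.
			if (MessageDigest.isEqual(issued.getBytes(StandardCharsets.UTF_8), candidate)) {
				return true;
			}
		}
		return false;
	}

	// Null-safe blank check; replaces the StringUtils.isBlank the original used without importing it.
	private static boolean isBlank(String s) {
		return s == null || s.trim().isEmpty();
	}

	// Manual smoke test: uncomment a line to seed or clear the list before checking.
	public static void main(String[] args) {
		//redisUtil.saveToken("111");
		//redisUtil.getJedis().del("token");
		System.out.println(redisUtil.vdtToken("111"));
	}

}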

\

\