--------------------------Config----------------
@Configuration
public class XssConfig{
@Value("${cofigFilter}")
private String cofigFilter;
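/**
 * Registers {@link LoginFilter} on {@code /login} and hands it the trusted site
 * taken from the {@code cofigFilter} property as a filter init parameter.
 *
 * <p>The raw {@code FilterRegistrationBean} type is kept on purpose: the class is
 * only generic from Spring Boot 2 on and the Boot version in use is not visible here.
 *
 * @return the registration Spring uses to install the filter
 * @throws IllegalStateException when {@code cofigFilter} is blank; the filter would
 *     otherwise start without a trusted site to compare the Referer against and
 *     fail on every request that carries one
 */
@Bean
public FilterRegistrationBean xssFilterRegistrationBean1() {
    if (cofigFilter == null || cofigFilter.trim().isEmpty()) {
        // Fail at startup rather than at the first request: a Referer filter
        // without a trusted site cannot do its job.
        throw new IllegalStateException(
                "cofigFilter property must be set to the trusted site, e.g. its origin");
    }
    FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setFilter(new LoginFilter());
    registration.setOrder(2); // relative to other registered filters; lower runs first
    registration.setEnabled(true);
    registration.addUrlPatterns("/login");
    Map<String, String> initParameters = Maps.newHashMap();
    initParameters.put("cofigFilter", cofigFilter);
    registration.setInitParameters(initParameters);
    return registration;
}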
---------------------------LoginFilter------------
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.yunda.base.common.utils.BDException;
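/**
 * Referer-based guard against cross-site request forgery (防跨站点请求伪造).
 *
 * <p>Decision per request, in order:
 * <ol>
 *   <li>a request to {@code /bootdo/login} first invalidates the current session and
 *       expires every cookie the client sent, so a new login never reuses them;</li>
 *   <li>static resources ({@code .css}, {@code .js}, {@code .png}, {@code .html},
 *       {@code .jpg}) pass through;</li>
 *   <li>a request without a {@code Referer} header passes through;</li>
 *   <li>a {@code Referer} passes only when it starts with the configured site AND its
 *       origin (scheme, host, port) equals the configured site's origin; anything else
 *       is forwarded to {@code /403}.</li>
 * </ol>
 *
 * <p>Because step 3 lets a missing header through, this filter is a defence-in-depth
 * layer and should be backed by a per-request (synchronizer) token. The trusted site
 * comes from the {@code cofigFilter} init parameter and should be an origin such as
 * {@code https://example.com} (illustrative value).
 */
public class LoginFilter implements Filter {

    /** logger */
    private static final Logger LOGGER = LoggerFactory.getLogger(LoginFilter.class);

    /** Init parameter carrying the trusted site (域名信息). */
    private static final String CONFIG_PARAM = "cofigFilter";

    /** Request URI that resets the session; assumes the context path is /bootdo — confirm. */
    private static final String LOGIN_URI = "/bootdo/login";

    /** Path suffixes treated as static resources that skip the Referer check. */
    private static final String[] STATIC_EXTENSIONS = {".css", ".js", ".png", ".html", ".jpg"};

    /**
     * Trusted site as configured. Stays {@code null} when the init parameter is blank;
     * the filter then rejects every request that carries a Referer (fails closed)
     * instead of throwing a NullPointerException on the comparison.
     */
    private String cofigFilter;

    /**
     * Applies the Referer check described on the class.
     *
     * @param servletRequest  the request; must be an {@link HttpServletRequest}
     * @param servletResponse the response; must be an {@link HttpServletResponse}
     * @param chain           the rest of the filter chain
     * @throws IOException      propagated from the chain or the {@code /403} forward
     * @throws ServletException propagated from the chain or the {@code /403} forward
     */
    @Override
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String referer = request.getHeader("Referer");
        String requestUri = request.getRequestURI();

        // 登录刷新session: a login request starts from a clean session and no cookies.
        if (LOGIN_URI.equals(requestUri) && request.getCookies() != null) {
            resetSessionAndCookies(request, response);
        }

        if (isStaticResource(requestUri)) {
            // css/js/images carry no state-changing action, let them through (直接放行)
            chain.doFilter(request, response);
            return;
        }

        if (referer == null) {
            // Direct navigation, bookmarks and privacy settings send no Referer; those
            // requests are deliberately allowed, which is why a token should back this check.
            chain.doFilter(request, response);
            return;
        }

        if (isTrustedReferer(referer)) {
            chain.doFilter(request, response);
        } else {
            // Only the origin is logged, so query strings in the Referer never reach the log.
            LOGGER.warn("Rejected {} {}: Referer origin {} is not the configured site",
                    request.getMethod(), requestUri, originOf(referer));
            request.getRequestDispatcher("/403").forward(request, response);
        }
    }

    /**
     * Invalidates the current session (if any) and sends an expiring copy of every
     * cookie the client presented.
     *
     * @param request  the login request
     * @param response the response that receives the expiring cookies
     */
    private static void resetSessionAndCookies(HttpServletRequest request,
            HttpServletResponse response) {
        // getSession(false): do not create a session only to destroy it (清空session)
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        for (Cookie cookie : request.getCookies()) {
            response.addCookie(expiredCopyOf(cookie, request.getServerName()));
        }
    }

    /**
     * Builds the cookie that, when sent back, makes the browser drop {@code cookie}.
     * Domain and path must match the original for the browser to apply it (请用自己的域);
     * cookies received with a request usually carry neither, so the server name and
     * {@code "/"} are the fallbacks.
     *
     * @param cookie         a cookie received with the request
     * @param fallbackDomain domain used when the cookie carries none
     * @return a copy with {@code Max-Age=0}
     */
    private static Cookie expiredCopyOf(Cookie cookie, String fallbackDomain) {
        Cookie expired = new Cookie(cookie.getName(), cookie.getValue());
        expired.setDomain(cookie.getDomain() != null ? cookie.getDomain() : fallbackDomain);
        expired.setPath(cookie.getPath() != null ? cookie.getPath() : "/");
        expired.setMaxAge(0); // 失效cookie
        return expired;
    }

    /**
     * Tells whether the request path names a static resource.
     * Matches on the path's suffix (after dropping any {@code ;jsessionid=...} path
     * parameter) rather than with {@code contains}, so an extension appearing in the
     * middle of the path does not exempt the request from the check.
     *
     * @param requestUri the request URI as returned by {@code getRequestURI()}
     * @return {@code true} when the path ends with one of {@link #STATIC_EXTENSIONS}
     */
    private static boolean isStaticResource(String requestUri) {
        int paramStart = requestUri.indexOf(';');
        String path = paramStart >= 0 ? requestUri.substring(0, paramStart) : requestUri;
        for (String extension : STATIC_EXTENSIONS) {
            if (path.endsWith(extension)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Accepts a Referer only when it starts with the configured site (the original
     * rule) and its origin equals the configured origin, so a host name that merely
     * begins with the configured host name is not accepted.
     *
     * @param referer the non-null Referer header value
     * @return {@code true} when the request may proceed
     */
    private boolean isTrustedReferer(String referer) {
        String trustedSite = cofigFilter;
        if (trustedSite == null) {
            return false; // no trusted site configured: fail closed
        }
        if (!referer.startsWith(trustedSite)) {
            return false;
        }
        String trustedOrigin = originOf(trustedSite);
        return trustedOrigin != null && trustedOrigin.equals(originOf(referer));
    }

    /**
     * Normalises a URL to its origin: lower-cased scheme and host plus the port,
     * with 80/443 filled in for http/https when absent. Package-private for tests.
     *
     * @param url an absolute URL, or {@code null}
     * @return {@code scheme://host:port} ({@code scheme://host} for other schemes
     *     without a port), or {@code null} when {@code url} is null, unparsable or
     *     has no host
     */
    static String originOf(String url) {
        if (url == null) {
            return null;
        }
        URI uri;
        try {
            uri = new URI(url.trim());
        } catch (URISyntaxException e) {
            return null;
        }
        if (uri.getScheme() == null || uri.getHost() == null) {
            return null;
        }
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        String host = uri.getHost().toLowerCase(Locale.ROOT);
        int port = uri.getPort();
        if (port == -1) {
            if ("http".equals(scheme)) {
                port = 80;
            } else if ("https".equals(scheme)) {
                port = 443;
            }
        }
        return port == -1 ? scheme + "://" + host : scheme + "://" + host + ":" + port;
    }

    /** Not part of {@link Filter}; kept for any caller that relies on it. Always {@code null}. */
    public String description() {
        return null;
    }

    /** Nothing to release: the filter holds no resources beyond a string. */
    @Override
    public void destroy() {
    }

    /**
     * Reads the trusted site from the {@code cofigFilter} init parameter.
     * A blank or non-URL value leaves the filter failing closed and is logged as an
     * error, because every request that carries a Referer will then be rejected.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException never thrown here; declared by the interface
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("LOGIN filter init~~~~~~~~~~~~");
        }
        String configured = filterConfig.getInitParameter(CONFIG_PARAM);
        if (StringUtils.isNotBlank(configured)) {
            cofigFilter = configured;
        }
        if (cofigFilter == null) {
            LOGGER.error("Init parameter {} is blank; every request with a Referer will be rejected",
                    CONFIG_PARAM);
        } else if (originOf(cofigFilter) == null) {
            LOGGER.error("Init parameter {} is not an absolute URL with a host; "
                    + "every request with a Referer will be rejected", CONFIG_PARAM);
        }
    }
}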
然后在你的配置文件中定义好 cofigFilter 站点信息。