filter攔截工具
package com.*.utils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler;
import com.*.utils.redisUtil;
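/**
 * Request interceptor performing a CSRF token check for the mapped handlers.
 *
 * <p>GET and POST requests must carry a {@code token} request parameter that
 * {@link redisUtil#vdtToken(String)} accepts; any other HTTP method is rejected.
 * Requests served by {@link DefaultServletHttpRequestHandler} (static resources)
 * pass through without a check.
 *
 * <p>NOTE(review): redisUtil stores every issued token in one comma-joined list under a
 * single Redis key, so this check only proves that the token was issued at some point —
 * it is not bound to the caller's session and tokens are never expired. A token sent on a
 * GET request travels in the query string and can surface in URLs, proxy logs and Referer
 * headers. Both points are worth confirming against the intended threat model.
 *
 * @author 閔渭凱 2018年5月10日
 */
public class CSRFHandlerInterceptor extends HandlerInterceptorAdapter {

    /** Name of the request parameter carrying the CSRF token. */
    private static final String TOKEN_PARAM = "token";

    /**
     * Decides whether the request may reach its handler.
     *
     * @param request  the incoming request; its method and {@code token} parameter are inspected
     * @param response used to send a 403 when the request is refused
     * @param handler  the resolved handler; static-resource handlers are exempt from the check
     * @return {@code true} to continue the handler chain, {@code false} after a 403 has been written
     * @throws Exception propagated from {@link HttpServletResponse#sendError}
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Static resources are served by the default servlet handler and carry no token.
        if (handler instanceof DefaultServletHttpRequestHandler) {
            return true;
        }

        String method = request.getMethod();
        boolean tokenChecked = "GET".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method);
        if (!tokenChecked) {
            // Every other method is refused. The previous version returned false here without
            // writing anything, which left the client with an empty reply; an explicit 403
            // makes the refusal visible to the client and in access logs.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "您當前屬於非法操作!");
            return false;
        }

        // GET/POST: the presented token must be one that redisUtil knows about.
        String token = request.getParameter(TOKEN_PARAM);
        if (redisUtil.vdtToken(token)) {
            return true;
        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "您當前屬於非法操作!");
        return false;
    }
}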
spring中配置
<!-- Interceptor registration -->
<mvc:interceptors>
<!-- Interceptor guarding the mapped paths against CSRF (CSRFHandlerInterceptor) -->
<mvc:interceptor>
<!-- Paths that are intercepted; only the listed mapping is checked -->
<!-- <mvc:mapping path="/employ/test" /> -->
<mvc:mapping path="/employ/interviewInfo" />
<!-- Paths excluded from interception (static resources) -->
<mvc:exclude-mapping path="/resources/**" />
<bean id="CSRFHandlerInterceptor" class="com.*.utils.CSRFHandlerInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
redisUtil,也可以使用cookie或session或請求頭驗證
package com.*.utils;
import redis.clients.jedis.Jedis;
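/**
 * Minimal Redis-backed store for CSRF tokens.
 *
 * <p>Every issued token is appended to a single comma-joined string kept under the Redis
 * key {@code "token"}; validation is a membership test against that list.
 *
 * <p>NOTE(review): the list is global rather than per session and is never pruned, so it
 * grows without bound and any token ever issued stays valid until the key is deleted by hand.
 */
public class redisUtil {

    /** Redis key holding the comma-joined token list. */
    private static final String TOKEN_KEY = "token";
    /** Redis host; port and credentials are whatever the Jedis defaults are. */
    private static final String REDIS_HOST = "localhost";
    /** Separator between stored tokens; tokens containing it are refused. */
    private static final String SEPARATOR = ",";

    /**
     * Opens a new Redis connection.
     *
     * @return a fresh {@link Jedis}; the caller owns it and must close it
     */
    public static Jedis getJedis() {
        return new Jedis(REDIS_HOST);
    }

    /**
     * Appends {@code token} to the stored token list.
     *
     * @param token the token to remember; null, blank, or separator-containing values are
     *              refused because a blank entry would later match a blank presented token
     *              and a comma would split one token into several entries
     * @return {@code true} if stored, {@code false} if the token was refused or Redis failed
     */
    public static boolean saveToken(String token) {
        if (isBlank(token) || token.contains(SEPARATOR)) {
            return false;
        }
        Jedis jedis = null;
        try {
            // One connection for the read-modify-write; the previous version opened a new
            // connection per call and closed only the last of them.
            jedis = getJedis();
            String stored = jedis.get(TOKEN_KEY);
            jedis.set(TOKEN_KEY, stored == null ? token : stored + SEPARATOR + token);
        } catch (Exception e) {
            // Best effort: the caller only learns about the failure through the return value.
            e.printStackTrace();
            return false;
        } finally {
            closeQuietly(jedis);
        }
        return true;
    }

    /**
     * Checks whether {@code token} is one of the stored tokens.
     *
     * @param token the value presented by the client; may be null
     * @return {@code true} only if the token is non-blank and appears in the stored list
     */
    public static boolean vdtToken(String token) {
        // A null or blank presented token can never be valid; without this guard an empty
        // entry in the stored list would match an empty string.
        if (isBlank(token)) {
            return false;
        }
        String stored;
        Jedis jedis = null;
        try {
            // Single read on one connection; the previous version opened two and closed neither.
            jedis = getJedis();
            stored = jedis.get(TOKEN_KEY);
        } finally {
            closeQuietly(jedis);
        }
        if (isBlank(stored)) {
            return false;
        }
        for (String candidate : stored.split(SEPARATOR)) {
            if (candidate.equals(token)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Local stand-in for {@code StringUtils.isBlank}, which this file referenced without
     * importing it.
     */
    private static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    /** Closes the connection if one was opened; a failing close is reported but not propagated. */
    private static void closeQuietly(Jedis jedis) {
        if (jedis == null) {
            return;
        }
        try {
            jedis.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Manual smoke test against a local Redis instance. */
    public static void main(String[] args) {
        //redisUtil.saveToken("111");
        //redisUtil.getJedis().del("token");
        System.out.println(redisUtil.vdtToken("111"));
    }
}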