【JSP开发】一个防盗链的WEB小例子

有的资源你点出后会有广告，广告旁边是资源连接，有些人直接把资源连接发给别人，企图不看广告直接进入链接拿资源，为了防止盗链行为的发生，我们要检测用户访问url的情况来进行一系列措施。

需要实现的功能就是，当用户想要查看"机密文档"的时候，如果是直接输入机密文档的url，而不是广告的url，我们得先让他跳转到广告页面的url，看完广告后就可以让他看“机密文档”了。

模拟过程：用户输入机密文件的url(或者在其他网站)，这时候进入Servlet，response的getHeader("referer")方法会得到来访地址，用此判断是否是从index.jsp网页的url来的，如果不是，跳入带广告的index.jsp，如果是就把机密文件的内容加载，然后显示给用户。

原理：

静态页面index.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>

<body>
<a href="/day06/servlet/ResponseDemo6">查看图书</a>
<br/> 看广告<br/>
<a href="/day06/servlet/RequestDemo9">看机密文件</a>
</body>
</html>

RequestDemo9.java:

package cn.edu.Request;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
//防盗链
public class RequestDemo9 extends HttpServlet {

public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");

//得到来访地址
String referer=request.getHeader("referer");

if(referer==null||!referer.startsWith("http://localhost")){
//此处为盗链的情况，这个时候要让用户去主页(或其他页面，让用户看广告或其它。。。。)
response.sendRedirect("/day06/index.jsp");
return;
}

String data="机密文档";
response.getWriter().write(data);

}

public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request,response);
}

}

RequestDemo6.java:

package cn.edu.Request;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RequestDemo6 extends HttpServlet {

public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String data="XXXXXXX";
request.setAttribute("data",data);
request.getRequestDispatcher("/message.jsp").forward(request, response);

}

public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request,response);
}

}

message.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">

<title>My JSP 'message.jsp' starting page</title>

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->

</head>

<body>

${data}
<%
String data=(String)request.getAttribute("data");
out.write(data);

%>
</body>
</html>

转载请注明出处:http://blog.csdn.net/acmman