中文字幕av专区_日韩电影在线播放_精品国产精品久久一区免费式_av在线免费观看网站

溫馨提示×

java如何避免csrf攻擊

九三
382
2021-01-13 09:32:43
欄目: 編程語言

java如何避免csrf攻擊

在java中使用spring實現避免csrf攻擊

通過將以下代碼添加到Java項目中即可實現避免csrf攻擊的功能。

package com.yihaomen.intercepter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class CsrfIntercepter implements HandlerInterceptor { 
public static final String CSRFNUMBER = "csrftoken";
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
String keyFromRequestParam = (String) request.getParameter(CSRFNUMBER);
String keyFromCookies=""; 
boolean result=false;
Cookie[] cookies = request.getCookies(); 
if(cookies!=null){
for (int i = 0; i < cookies.length; i++) { 
String name = cookies[i].getName(); 
if(CSRFNUMBER.equals(name) ) { 
keyFromCookies= cookies[i].getValue(); 
} 
}
}
if((keyFromRequestParam!=null && keyFromRequestParam.length()>0 && 
keyFromRequestParam.equals(keyFromCookies) &&
keyFromRequestParam.equals((String)request.getSession().getAttribute(CSRFNUMBER)))) { 
result=true;
}else{
request.getRequestDispatcher("/error/400").forward(request, response);
}
return result;
}
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, Exception arg3) throws Exception {
}
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, ModelAndView arg3) throws Exception {
}
}

0
新宾| 徐水县| 高邮市| 拉萨市| 苏州市| 玉屏| 通江县| 根河市| 景德镇市| 临澧县| 哈尔滨市| 沿河| 朝阳县| 筠连县| 茌平县| 东兰县| 平原县| 襄城县| 浠水县| 石屏县| 岳普湖县| 肥乡县| 中宁县| 平利县| 巴马| 湘乡市| 远安县| 罗江县| 连平县| 渑池县| 房山区| 铜川市| 龙州县| 新巴尔虎右旗| 子长县| 信阳市| 海晏县| 郧西县| 金昌市| 日土县| 虹口区|