Servlet防止跨站引用
2016-07-30 11:45
防止跨站引用
功能:本站点中的资源,比如图片资源,只允许在本站中的网站上使用,不允许直接下载该图片
Servlet名称:ImageServlet
特点:查看请求头中的referer字段,如果该值不为空,则认为该图片是被页面引用的资源,允许访问。注意:仅判断referer不为空并不能确认请求来自本站,而且该请求头由客户端提供、可以被伪造,因此这种检查只能减少盗链,不能当作访问控制。
如何将图片(.jpg)发送给浏览器呢?
步骤:
1.创建一个图片文件file
2.使用图片文件构造一个FileInputStream输入流
3.使用FileInputStream输入流构造一个BufferedInputStream缓冲流bufferedInputStream
4.定义一个1k大小的字节数组,byte[] buffer = new byte[1024];
5.获取response对象中的输出流outPutStream对象
6.从bufferedInputStream中读取数据到buffer中,然后写到outPutStream对象中
7.关闭输入输出流
源代码:
package com.tanjie.download;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
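/**
 * Serves JPEG files stored under {@code WEB-INF/image} as a hotlinking deterrent:
 * an image is only streamed when the request's Referer header names this site.
 *
 * <p>The Referer header (like the Host header it is compared with) is supplied by
 * the client, so this check discourages embedding from other sites but is not an
 * authentication or authorization mechanism.
 */
@WebServlet(urlPatterns={"/getImage"})
public class ImageServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Streams {@code WEB-INF/image/<id>.jpg} to the response.
     *
     * <p>Responds with 403 when the Referer header is missing, unparsable or names a
     * different host, and with 404 when the {@code id} parameter is missing, resolves
     * outside the image directory, or does not name an existing regular file.
     *
     * @param request  the request; reads the {@code referer} header and the {@code id} parameter
     * @param response the response the image bytes (or the error status) are written to
     * @throws ServletException declared by the overridden method; not thrown here
     * @throws IOException if reading the file or writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String referer = request.getHeader("referer");
        // A non-null Referer alone says nothing about its origin: any other site
        // embedding the image also sends one. Require it to name this host.
        if (!isSameSiteReferer(referer, request.getServerName())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        String imageId = request.getParameter("id");
        String imagePath = request.getServletContext().getRealPath("WEB-INF/image");
        File imageFile = resolveImage(imagePath, imageId);
        if (imageFile == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // "image/jpeg" is the registered media type for JPEG; "image/jpg" is not.
        response.setContentType("image/jpeg");
        // try-with-resources closes the file even when the client disconnects mid-write.
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(imageFile))) {
            OutputStream outputStream = response.getOutputStream();
            byte[] buffer = new byte[1024];
            int count;
            while ((count = in.read(buffer)) != -1) {
                outputStream.write(buffer, 0, count);
            }
        }
    }

    /**
     * Reports whether the Referer header value names the same host as this request.
     *
     * @param referer    raw Referer header value, may be {@code null}
     * @param serverName host name the request was sent to, may be {@code null}
     * @return {@code true} only when the Referer parses as a URI whose host equals
     *         {@code serverName}, ignoring case
     */
    private static boolean isSameSiteReferer(String referer, String serverName) {
        if (referer == null || serverName == null) {
            return false;
        }
        try {
            String refererHost = new java.net.URI(referer).getHost();
            return refererHost != null && refererHost.equalsIgnoreCase(serverName);
        } catch (java.net.URISyntaxException e) {
            // A Referer that is not a valid URI cannot be attributed to this site.
            return false;
        }
    }

    /**
     * Maps the request's {@code id} to a file directly inside the image directory.
     *
     * <p>The id is request data that ends up in a file-system path, so the resolved
     * file is canonicalized and accepted only when its parent is exactly the image
     * directory; ids containing path separators or {@code ..} segments are rejected.
     *
     * @param imagePath real path of the image directory, {@code null} when the
     *                  container cannot translate it
     * @param imageId   value of the {@code id} request parameter, may be {@code null}
     * @return the existing regular file to serve, or {@code null} when nothing may be served
     */
    private static File resolveImage(String imagePath, String imageId) {
        if (imagePath == null || imageId == null || imageId.isEmpty()) {
            return null;
        }
        try {
            File imageDir = new File(imagePath).getCanonicalFile();
            File candidate = new File(imageDir, imageId + ".jpg").getCanonicalFile();
            if (!imageDir.equals(candidate.getParentFile()) || !candidate.isFile()) {
                return null;
            }
            return candidate;
        } catch (IOException e) {
            // Canonicalization fails for names the file system cannot represent;
            // treat those as "no such image" rather than a server error.
            return null;
        }
    }
}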
功能:本站点中的资源,比如图片资源,只允许在本站中的网站上使用,不允许直接下载该图片
Servlet名称:ImageServlet
特点:查看请求头中的referer字段,如果该值不为空,则认为该图片是被页面引用的资源,允许访问。注意:仅判断referer不为空并不能确认请求来自本站,而且该请求头由客户端提供、可以被伪造,因此这种检查只能减少盗链,不能当作访问控制。
如何将图片(.jpg)发送给浏览器呢?
步骤:
1.创建一个图片文件file
2.使用图片文件构造一个FileInputStream输入流
3.使用FileInputStream输入流构造一个BufferedInputStream缓冲流bufferedInputStream
4.定义一个1k大小的字节数组,byte[] buffer = new byte[1024];
5.获取response对象中的输出流outPutStream对象
6.从bufferedInputStream中读取数据到buffer中,然后写到outPutStream对象中
7.关闭输入输出流
源代码:
package com.tanjie.download;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
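/**
 * Serves JPEG files stored under {@code WEB-INF/image} as a hotlinking deterrent:
 * an image is only streamed when the request's Referer header names this site.
 *
 * <p>The Referer header (like the Host header it is compared with) is supplied by
 * the client, so this check discourages embedding from other sites but is not an
 * authentication or authorization mechanism.
 */
@WebServlet(urlPatterns={"/getImage"})
public class ImageServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Streams {@code WEB-INF/image/<id>.jpg} to the response.
     *
     * <p>Responds with 403 when the Referer header is missing, unparsable or names a
     * different host, and with 404 when the {@code id} parameter is missing, resolves
     * outside the image directory, or does not name an existing regular file.
     *
     * @param request  the request; reads the {@code referer} header and the {@code id} parameter
     * @param response the response the image bytes (or the error status) are written to
     * @throws ServletException declared by the overridden method; not thrown here
     * @throws IOException if reading the file or writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String referer = request.getHeader("referer");
        // A non-null Referer alone says nothing about its origin: any other site
        // embedding the image also sends one. Require it to name this host.
        if (!isSameSiteReferer(referer, request.getServerName())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        String imageId = request.getParameter("id");
        String imagePath = request.getServletContext().getRealPath("WEB-INF/image");
        File imageFile = resolveImage(imagePath, imageId);
        if (imageFile == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // "image/jpeg" is the registered media type for JPEG; "image/jpg" is not.
        response.setContentType("image/jpeg");
        // try-with-resources closes the file even when the client disconnects mid-write.
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(imageFile))) {
            OutputStream outputStream = response.getOutputStream();
            byte[] buffer = new byte[1024];
            int count;
            while ((count = in.read(buffer)) != -1) {
                outputStream.write(buffer, 0, count);
            }
        }
    }

    /**
     * Reports whether the Referer header value names the same host as this request.
     *
     * @param referer    raw Referer header value, may be {@code null}
     * @param serverName host name the request was sent to, may be {@code null}
     * @return {@code true} only when the Referer parses as a URI whose host equals
     *         {@code serverName}, ignoring case
     */
    private static boolean isSameSiteReferer(String referer, String serverName) {
        if (referer == null || serverName == null) {
            return false;
        }
        try {
            String refererHost = new java.net.URI(referer).getHost();
            return refererHost != null && refererHost.equalsIgnoreCase(serverName);
        } catch (java.net.URISyntaxException e) {
            // A Referer that is not a valid URI cannot be attributed to this site.
            return false;
        }
    }

    /**
     * Maps the request's {@code id} to a file directly inside the image directory.
     *
     * <p>The id is request data that ends up in a file-system path, so the resolved
     * file is canonicalized and accepted only when its parent is exactly the image
     * directory; ids containing path separators or {@code ..} segments are rejected.
     *
     * @param imagePath real path of the image directory, {@code null} when the
     *                  container cannot translate it
     * @param imageId   value of the {@code id} request parameter, may be {@code null}
     * @return the existing regular file to serve, or {@code null} when nothing may be served
     */
    private static File resolveImage(String imagePath, String imageId) {
        if (imagePath == null || imageId == null || imageId.isEmpty()) {
            return null;
        }
        try {
            File imageDir = new File(imagePath).getCanonicalFile();
            File candidate = new File(imageDir, imageId + ".jpg").getCanonicalFile();
            if (!imageDir.equals(candidate.getParentFile()) || !candidate.isFile()) {
                return null;
            }
            return candidate;
        } catch (IOException e) {
            // Canonicalization fails for names the file system cannot represent;
            // treat those as "no such image" rather than a server error.
            return null;
        }
    }
}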
<!-- Gallery page: each image is fetched from the getImage servlet by its id.
     The browser sends this page's URL as the Referer of every image request. -->
<html>
<head>
  <title>Photo Gallery</title>
</head>
<body>
  <img src="getImage?id=1"/>
  <img src="getImage?id=2"/>
  <img src="getImage?id=3"/>
  <img src="getImage?id=4"/>
  <img src="getImage?id=5"/>
  <img src="getImage?id=6"/>
  <img src="getImage?id=7"/>
  <img src="getImage?id=8"/>
  <img src="getImage?id=9"/>
  <img src="getImage?id=10"/>
</body>
</html>