
How to prevent CSRF attacks in Java

九三
2021-01-13 09:32:43
Category: Programming Languages


Using Spring to prevent CSRF attacks in Java

Adding the following code to a Java project implements protection against CSRF attacks.

package com.yihaomen.intercepter;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class CsrfIntercepter implements HandlerInterceptor {

    // Name shared by the request parameter, the cookie and the session attribute.
    public static final String CSRFNUMBER = "csrftoken";

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String keyFromRequestParam = request.getParameter(CSRFNUMBER);
        String keyFromCookies = "";
        boolean result = false;

        // Find the token cookie the browser sent with this request.
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                String name = cookies[i].getName();
                if (CSRFNUMBER.equals(name)) {
                    keyFromCookies = cookies[i].getValue();
                }
            }
        }

        // Accept the request only when the parameter is present and matches
        // both the cookie value and the token stored in the session.
        if (keyFromRequestParam != null && keyFromRequestParam.length() > 0 &&
                keyFromRequestParam.equals(keyFromCookies) &&
                keyFromRequestParam.equals((String) request.getSession().getAttribute(CSRFNUMBER))) {
            result = true;
        } else {
            // Token missing or mismatched: forward to the error page and stop the handler chain.
            request.getRequestDispatcher("/error/400").forward(request, response);
        }
        return result;
    }

    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1,
            Object arg2, Exception arg3) throws Exception {
    }

    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
            Object arg2, ModelAndView arg3) throws Exception {
    }

}
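The interceptor above only checks the token; the page does not show how the token is created. The following is an added example, not code from the original article: the class `CsrfTokens` and its methods are hypothetical names, and it assumes the issued value is stored in the session under `csrftoken` and sent to the browser as the cookie and a hidden form field. It generates an unpredictable token and applies the same parameter/cookie/session rule with a timing-safe comparison.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example (not from the original page): token issuance and validation
// helpers for the parameter/cookie/session check done by CsrfIntercepter.
public class CsrfTokens {

    private static final SecureRandom RANDOM = new SecureRandom();

    // 32 random bytes, URL-safe Base64 so the value fits in a cookie or form field.
    public static String newToken() {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Timing-safe equality; null or empty values never match.
    private static boolean same(String a, String b) {
        if (a == null || b == null || a.isEmpty() || b.isEmpty()) {
            return false;
        }
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // Same rule as the interceptor: the request parameter must equal both the
    // cookie value and the copy stored in the server-side session.
    public static boolean isValid(String fromParam, String fromCookie, String fromSession) {
        boolean cookieOk = same(fromParam, fromCookie);
        boolean sessionOk = same(fromParam, fromSession);
        return cookieOk & sessionOk; // non-short-circuit: both checks always run
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for real requests.
        String issued = newToken(); // token issued to this session
        String other = newToken();  // token belonging to a different session

        System.out.println(isValid(issued, issued, issued)); // legitimate form post
        System.out.println(isValid(null, issued, issued));   // cross-site request without the parameter
        System.out.println(isValid(other, other, issued));   // parameter and cookie agree, session differs
        System.out.println(isValid("", "", null));           // empty values and no session token
    }
}
```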
