亚洲激情专区-91九色丨porny丨老师-久久久久久久女国产乱让韩-国产精品午夜小视频观看

溫馨提示×

java如何避免csrf攻擊

九三
382
2021-01-13 09:32:43
欄目: 編程語言

java如何避免csrf攻擊

在java中使用spring實現避免csrf攻擊

通過將以下代碼添加到Java項目中即可實現避免csrf攻擊的功能。

package com.yihaomen.intercepter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class CsrfIntercepter implements HandlerInterceptor { 
public static final String CSRFNUMBER = "csrftoken";
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
String keyFromRequestParam = (String) request.getParameter(CSRFNUMBER);
String keyFromCookies=""; 
boolean result=false;
Cookie[] cookies = request.getCookies(); 
if(cookies!=null){
for (int i = 0; i < cookies.length; i++) { 
String name = cookies[i].getName(); 
if(CSRFNUMBER.equals(name) ) { 
keyFromCookies= cookies[i].getValue(); 
} 
}
}
if((keyFromRequestParam!=null && keyFromRequestParam.length()>0 && 
keyFromRequestParam.equals(keyFromCookies) &&
keyFromRequestParam.equals((String)request.getSession().getAttribute(CSRFNUMBER)))) { 
result=true;
}else{
request.getRequestDispatcher("/error/400").forward(request, response);
}
return result;
}
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, Exception arg3) throws Exception {
}
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, ModelAndView arg3) throws Exception {
}
}

0
北辰区| 金湖县| 隆安县| 佛教| 文化| 平乐县| 全南县| 苏尼特右旗| 循化| 蒙山县| 宿松县| 鄯善县| 金寨县| 石河子市| 西宁市| 丰县| 湛江市| 宝坻区| 永春县| 巨野县| 湘潭县| 龙陵县| 客服| 秀山| 同德县| 蓬溪县| 渝北区| 阳新县| 栖霞市| 屯留县| 威远县| 厦门市| 拉萨市| 虞城县| 新绛县| 宜章县| 军事| 如东县| 察雅县| 响水县| 大宁县|