JSP to prevent the specific implementation of data across the domain _jsp programming

Copy Code code as follows:

Argsisvalidfilter. Java Filter code list:
Package com.hety.uitl;

Import java.io.IOException;
Import java.util.Enumeration;

Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;

Import Org.apache.commons.logging.Log;
Import Org.apache.commons.logging.LogFactory;

public class Argsisvalidfilter implements Filter {

private static log log = Logfactory.getlog (Argsisvalidfilter.class);

public void Destroy () {

}

@SuppressWarnings ("Unchecked")
public void Dofilter (ServletRequest arg0, Servletresponse arg1, Filterchain arg2) throws IOException, Servletexception {
HttpServletRequest request = (httpservletrequest) arg0;
HttpServletResponse response = (httpservletresponse) arg1;
String servername_str = Request.getservername ();
String Currenturi = Request.getrequesturi ();
Enumeration headervalues = Request.getheaders ("Referer");
String tmpheadervalue = "";
Boolean isValid = true;
Specify the page address that you want to skip blocking, and add it directly to the array if you need it.
Recommendations
String [] ignoreuris={"/back/",
"/info.jsp",
"/pzxx.jsp"
};
while (Headervalues.hasmoreelements ()) {
Get the full path: like "http://www.domain.com.cn:8023/front/zwgk/zwgk.jsp?id=1283"
Tmpheadervalue = (String) headervalues.nextelement ();
}

if (log.isinfoenabled ()) {
Log.info ("obtained parameter URL is:" + tmpheadervalue);
Log.info ("The system gets the URL for:" + Currenturi);
}

if ("". Equals (Tmpheadervalue)) {
IsValid = false;
if (log.isinfoenabled ()) {
Log.info ("The obtained parameter URL is: Empty");
Log.info ("The system gets the URL for:" + Currenturi);
Log.info ("System hint: request may come from Outland!") ");
}

} else {
if (log.isinfoenabled ()) {
Log.info ("The obtained parameter length is:" +tmpheadervalue.length ());
}
Tmpheadervalue = Tmpheadervalue.tolowercase ();
Servername_str = Servername_str.tolowercase ();

int len = 0;
if (Tmpheadervalue.startswith ("https://")) {
Len = 8;
else if (Tmpheadervalue.startswith ("http://")) {
len = 7;
}

if (log.isinfoenabled ()) {
Log.info ("The string before the interception is:" + tmpheadervalue);
Log.info ("from the first" + Len + "bit began to intercept, interception length is:" + servername_str.length ());
}
String tmp = tmpheadervalue.substring (len, servername_str.length () + len);
if (log.isinfoenabled ()) {
Log.info ("The intercepted string is:" + tmp);
}
if (Tmp.length () < Servername_str.length ()) {//Length not enough
IsValid = false;
if (log.isinfoenabled ()) {
Log.info ("The length of the intercepted string is not enough, the request may come from Outland!") ");
}
else if (!tmp.equals (SERVERNAME_STR)) {//comparison string (host name) is the same
IsValid = false;
if (log.isinfoenabled ()) {
Log.info ("Domain name match failed, request from Outland!") ");
}
}
}


Skip specifies the address of the page you want to intercept
for (String Ignoreuri:ignoreuris) {
if (Currenturi.contains (Ignoreuri)) {
Isvalid=true;
if (log.isinfoenabled ()) {
Log.info ("The system has skipped checking the following URL:" +currenturi);
}
}
}

if (!isvalid) {

if (log.isinfoenabled ()) {
Log.info (System hint: The URL is a cross-domain request and is about to be redirected to the home page.) ");
}
Response.sendredirect ("/index.html");
} else {
Arg2.dofilter (arg0, arg1);
}
}

public void init (Filterconfig arg0) throws Servletexception {

}

}