The implementation of JSP to prevent data submission across domains

Source: Internet
Author: User

  This article shows how a JSP application can reject data submitted from other domains, using a servlet filter that checks the Referer header of each request. Readers who need this can refer to the code below.

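  // Code as follows -- ArgsIsValidFilter.java, filter code listing
package com.hety.uitl;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Enumeration;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * Servlet filter that rejects requests whose {@code Referer} header does not
 * name this server, redirecting them to {@code /index.html}.
 *
 * <p>Request URIs containing one of {@link #IGNORE_URIS} skip the check.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The Referer host is compared for exact, case-insensitive equality with
 *       {@code request.getServerName()}. The earlier listing compared only the
 *       first {@code serverName.length()} characters after the scheme, so a
 *       longer host that merely began with the server name was accepted, and a
 *       Referer shorter than that window raised
 *       {@code StringIndexOutOfBoundsException} instead of being rejected.</li>
 *   <li>A Referer check is a secondary control. Clients may omit the header
 *       (privacy settings, {@code Referrer-Policy}), and such requests are
 *       redirected here. State-changing endpoints should additionally verify a
 *       per-session anti-CSRF token.</li>
 *   <li>{@code getServerName()} normally reflects the {@code Host} header;
 *       behind a reverse proxy it may differ from the public host name.
 *       TODO confirm against the deployment.</li>
 *   <li>A direct visit to {@code /index.html} carries no Referer. Unless the
 *       filter mapping (not shown on this page) excludes that page, the
 *       redirect target is itself redirected. TODO confirm the mapping.</li>
 * </ul>
 */
public class ArgsIsValidFilter implements Filter {

    private static final Log log = LogFactory.getLog(ArgsIsValidFilter.class);

    /**
     * Page addresses that skip the Referer check; add further entries to the array as needed.
     *
     * <p>NOTE(review): entries are matched with {@code String.contains}, so any
     * request URI that contains one of these fragments anywhere skips the
     * check. Matching the servlet path exactly or by prefix would be narrower,
     * but depends on the context path of the deployment, so the original
     * matching is kept here.
     */
    private static final String[] IGNORE_URIS = {"/back/", "/info.jsp", "/pzxx.jsp"};

    @Override
    public void destroy() {
        // nothing to release
    }

    /**
     * Passes the request down the chain when its Referer names this server or
     * its URI is on the ignore list; otherwise redirects to {@code /index.html}.
     *
     * @param arg0 the incoming request; must be an {@link HttpServletRequest}
     * @param arg1 the outgoing response; must be an {@link HttpServletResponse}
     * @param arg2 the remaining filter chain
     * @throws IOException if the redirect or the chain fails with an I/O error
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
        String serverName = request.getServerName();
        String currentUri = request.getRequestURI();

        // Complete URL of the referring page, such as
        // "http://www.domain.com.cn:8023/front/zwgk/zwgk.jsp?id=1283".
        // When several Referer headers are present the last one is used.
        String referer = "";
        Enumeration<?> headerValues = request.getHeaders("Referer");
        while (headerValues != null && headerValues.hasMoreElements()) {
            referer = (String) headerValues.nextElement();
        }

        if (log.isInfoEnabled()) {
            // Header and URI come from the client: neutralise line breaks before logging.
            log.info("obtained parameter URL is:" + forLog(referer));
            log.info("The system obtained URL is:" + forLog(currentUri));
        }

        boolean isValid;
        if (referer == null || "".equals(referer)) {
            isValid = false;
            if (log.isInfoEnabled()) {
                log.info("obtained parameter URL is: Empty");
                log.info("The system gets the URL is:" + forLog(currentUri));
                log.info("System hint: request may come from Outland!");
            }
        } else {
            isValid = refererMatchesHost(referer, serverName);
            if (!isValid && log.isInfoEnabled()) {
                log.info("Domain name match failed, request from Outland!");
            }
        }

        // Skip the check for the page addresses listed in IGNORE_URIS.
        for (String ignoreUri : IGNORE_URIS) {
            if (currentUri.contains(ignoreUri)) {
                isValid = true;
                if (log.isInfoEnabled()) {
                    log.info("The system has skipped checking the following URL:" + forLog(currentUri));
                }
            }
        }

        if (!isValid) {
            if (log.isInfoEnabled()) {
                log.info("System hint: The URL is a cross-domain request and is about to be redirected to the home page.");
            }
            response.sendRedirect("/index.html");
        } else {
            arg2.doFilter(arg0, arg1);
        }
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // no configuration needed
    }

    /**
     * Tells whether {@code referer} is an http(s) URL whose host equals {@code serverName}.
     *
     * <p>Only the {@code scheme://authority} part is parsed, so unusual
     * characters in the path or query of a genuine Referer do not cause a
     * rejection. The port is not compared, as in the original listing.
     */
    private static boolean refererMatchesHost(String referer, String serverName) {
        if (serverName == null) {
            return false;
        }
        int schemeEnd = referer.indexOf("://");
        if (schemeEnd < 0) {
            return false;
        }
        int authorityEnd = referer.length();
        for (int i = schemeEnd + 3; i < referer.length(); i++) {
            char c = referer.charAt(i);
            if (c == '/' || c == '?' || c == '#') {
                authorityEnd = i;
                break;
            }
        }
        try {
            URI origin = new URI(referer.substring(0, authorityEnd));
            String scheme = origin.getScheme();
            boolean httpScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            String host = origin.getHost();
            return httpScheme && host != null && host.equalsIgnoreCase(serverName);
        } catch (URISyntaxException e) {
            // An authority that does not parse cannot be shown to be ours: reject.
            return false;
        }
    }

    /** Replaces CR and LF so a client-supplied value cannot start a new log line. */
    private static String forLog(String value) {
        return value == null ? "" : value.replace('\r', '_').replace('\n', '_');
    }
}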