jstl自定义标签防盗链

• *自定义标签的使用主要包括以下三个部分
• 1.tagServlet代码设计
• 2.tld文件配置
• 3.jsp页面引用自定义标签

代码块

tagServlet代码如下：

@requires_authorizationpackage example;import java.io.IOException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.jsp.JspException;import javax.servlet.jsp.PageContext;import javax.servlet.jsp.SkipPageException;import javax.servlet.jsp.tagext.SimpleTagSupport;public class tagFangDaoLian  extends SimpleTagSupport{    private String site;     private String page;     public void setSite(String site) {        this.site = site;    }    public void setPage(String page) {        this.page = page;    }    @Override    public void doTag() throws JspException, IOException {        PageContext pc = (PageContext) this.getJspContext();        HttpServletRequest request = (HttpServletRequest) pc.getRequest();        String referer = request.getHeader("referer");        HttpServletResponse response = (HttpServletResponse) pc.getResponse();        System.out.println(request.getContextPath());        if(referer==null||!referer.startsWith(site)){            //做出判断，如果为空或符合盗链链接，准备进入盗链者界面            if(page.startsWith(request.getContextPath())){                response.sendRedirect(page);            }else if(page.startsWith("/")){                response.sendRedirect(request.getContextPath()+page);            }else{                response.sendRedirect(request.getContextPath()+"/"+page);            }            throw new SkipPageException();        }    }}

tld配置文件代码如下：

@requires_authorization<?xml version="1.0" encoding="UTF-8" ?><taglib xmlns="http://java.sun.com/xml/ns/j2ee"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"    version="2.0">    <tlib-version>1.0</tlib-version>    <short-name>showlist</short-name>    <uri>/tag</uri><tag>    <name>untheft</name>    <tag-class>example.tagFangDaoLian</tag-class>    <body-content>empty</body-content>    <attribute>        <name>site</name>        <required>true</required>        <rtexprvalue>true</rtexprvalue>    </attribute>    <attribute>        <name>page</name>        <required>true</required>        <rtexprvalue>true</rtexprvalue>    </attribute></tag></taglib>

jsp页面调用如下：

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@taglib prefix="m" uri="/tag" %>** <m:untheft site="http://localhost" page="untheft.jsp"/>** <%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>  <head>    <base href="<%=basePath%>">    <title>My JSP 'main.jsp' starting page</title>    <meta http-equiv="pragma" content="no-cache">    <meta http-equiv="cache-control" content="no-cache">    <meta http-equiv="expires" content="0">        <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">    <meta http-equiv="description" content="This is my page">    <!--    <link rel="stylesheet" type="text/css" href="styles.css">    -->  </head>  <body>   <h3>选项</h3>   <a href="jsp/save.jsp">添加新员工</a>   <a href="${pageContext.request.contextPath}/servlet/selectPageServlet?pageNum=1">查看所有员工</a>  </body></html>

说明：

当用户以http：localhost（即site，可以自己更改属性）为请求头时，标签将执行，自动转入page界面[^footnote].