ADADADADAD

java如何避免csrf攻击[ 网络知识 ]

网络知识时间：2024-12-03 15:10:02

作者：文/会员上传

php怎么实现https请求

简介：

在java中使用spring实现避免csrf攻击通过将以下代码添加到Java项目中即可实现避免csrf攻击的功能。package com.yihaomen.intercepter;import javax.servlet.http.Cookie;im

以下为本文的正文内容，内容仅供参考！本站为公益性网站，复制本文以及下载DOC文档全部免费。

在java中使用spring实现避免csrf攻击

通过将以下代码添加到Java项目中即可实现避免csrf攻击的功能。

package com.yihaomen.intercepter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class CsrfIntercepter implements HandlerInterceptor { 
public static final String CSRFNUMBER = "csrftoken";
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
String keyFromRequestParam = (String) request.getParameter(CSRFNUMBER);
String keyFromCookies=""; 
boolean result=false;
Cookie[] cookies = request.getCookies(); 
if(cookies!=null){
for (int i = 0; i < cookies.length; i++) { 
String name = cookies[i].getName(); 
if(CSRFNUMBER.equals(name) ) { 
keyFromCookies= cookies[i].getValue(); 
} 
}
}
if((keyFromRequestParam!=null && keyFromRequestParam.length()>0 && 
keyFromRequestParam.equals(keyFromCookies) &&
keyFromRequestParam.equals((String)request.getSession().getAttribute(CSRFNUMBER)))) { 
result=true;
}else{
request.getRequestDispatcher("/error/400").forward(request, response);
}
return result;
}
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, Exception arg3) throws Exception {
}
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, ModelAndView arg3) throws Exception {
}
}