Host 主机头攻击&&点击劫持

public String intercept(ActionInvocation action) throws Exception {
        final HttpServletRequest req = ServletActionContext.getRequest();
        final HttpServletResponse resp = ServletActionContext.getResponse();

        // Clickjacking: only pages from the same origin may frame this response.
        // NOTE(review): a CSP "frame-ancestors" directive would be the modern
        // complement to this legacy header; it is not emitted here.
        resp.setHeader("x-frame-options", "SAMEORIGIN");

        // Referer allow-list. Only a PRESENT Referer that is not on the list is
        // rejected -- a request carrying no Referer at all passes straight through.
        // That makes this at best a weak CSRF mitigation, since a client can
        // suppress the Referer (referrer policy, privacy settings). How isInclude
        // matches (exact origin vs. prefix/substring) is not visible here; confirm
        // that an attacker-controlled host cannot satisfy it by embedding an
        // allowed value in its own URL.
        final String refererHeader = req.getHeader("Referer");
        if (refererHeader != null && !isInclude(Authorize.REFERER_LIST, refererHeader)) {
            return "unauthorizedReferer";
        }

        // Host-header attacks (poisoned absolute URLs / reset links, cache
        // poisoning): the Host header and, for proxied deployments, X-Forwarded-Host
        // are both checked against the same allow-list, Host first. As with the
        // Referer, a missing header is not rejected, and whether a ":port" suffix,
        // letter case, or a comma-separated X-Forwarded-Host chain matches depends
        // on isInclude -- verify against its implementation.
        for (String hostHeaderName : new String[] {"Host", "X-Forwarded-Host"}) {
            final String hostValue = req.getHeader(hostHeaderName);
            if (hostValue != null && !isInclude(Authorize.HOST_LIST, hostValue)) {
                return "unauthorizedHost";
            }
        }

        // Server-header masking. The first value is set before the action runs;
        // the second is applied afterwards. Per the Servlet API, setHeader is a
        // no-op once the response has been committed, so in practice clients may
        // observe "unknown1" rather than "unknown2".
        resp.setHeader("Server", "unknown1");
        final String outcome = action.invoke();
        resp.setHeader("Server", "unknown2");
        return outcome;
    }