// 判断是否同个域名
public static boolean validate(HttpServletRequest request) {
String Referer = "";
boolean referer_sign = true; // true 站内提交,验证通过 //false 站外提交,验证失败
Enumeration headerValues = request.getHeaders("Referer");
while (headerValues.hasMoreElements())
Referer = (String) headerValues.nextElement();
// 判断是否存在请求页面
if (Referer == null || Referer.length() < 1)
referer_sign = false;
else {
// 判断请求页面和getRequestURI是否相同
String servername_str = request.getServerName();
if (servername_str != null || servername_str.length() > 0) {
int index = 0;
if (Referer.indexOf("https://") == 0) {
index = 8;
} else if (Referer.indexOf("http://") == 0) {
index = 7;
}
if (Referer.length() - index < servername_str.length()) // 长度不够
referer_sign = false;
else { // 比较字符串(主机名称)是否相同
String referer_str = Referer.substring(index, index + servername_str.length());
if (!servername_str.equalsIgnoreCase(referer_str))
referer_sign = false;
}
} else
referer_sign = false;
}
return referer_sign;
}
浙公网安备 33010602011771号