// 判断是否同个域名 public static boolean validate(HttpServletRequest request) { String Referer = ""; boolean referer_sign = true; // true 站内提交,验证通过 //false 站外提交,验证失败 Enumeration headerValues = request.getHeaders("Referer"); while (headerValues.hasMoreElements()) Referer = (String) headerValues.nextElement(); // 判断是否存在请求页面 if (Referer == null || Referer.length() < 1) referer_sign = false; else { // 判断请求页面和getRequestURI是否相同 String servername_str = request.getServerName(); if (servername_str != null || servername_str.length() > 0) { int index = 0; if (Referer.indexOf("https://") == 0) { index = 8; } else if (Referer.indexOf("http://") == 0) { index = 7; } if (Referer.length() - index < servername_str.length()) // 长度不够 referer_sign = false; else { // 比较字符串(主机名称)是否相同 String referer_str = Referer.substring(index, index + servername_str.length()); if (!servername_str.equalsIgnoreCase(referer_str)) referer_sign = false; } } else referer_sign = false; } return referer_sign; }