  • Implementing anti-hotlinking interception with Spring annotations

    First, configure applicationContext.xml by adding:

    <!-- Enable @AspectJ -->
    <aop:aspectj-autoproxy />

    Create a Java utility class, util.java, that reads the Referer information

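    import java.net.MalformedURLException;
    import java.net.URL;
    import javax.servlet.http.HttpServletRequest;

    /**
    * Title: utility class
    * @author Victor
    */
    public class util {
        /**
        * @description Get the Referer host, used for the anti-hotlinking check
        * @param request
        * @return String host
        */
        public static String getReferer(HttpServletRequest request) {
            String referer = request.getHeader("referer");
            if (referer == null) {
                return "nullReferer";
            }
            // Extract the host name
            try {
                URL referUrl = new URL(referer);
                String host = referUrl.getHost();
                return host;
            } catch (MalformedURLException e) {
                e.printStackTrace();
            }
            // A Referer that cannot be parsed is treated like a missing one
            return "nullReferer";
        }
    }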

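    Create an annotation interface to define the custom annotation, AntitheftChain.java

    import java.lang.annotation.Documented;
    import java.lang.annotation.ElementType;
    import java.lang.annotation.Retention;
    import java.lang.annotation.RetentionPolicy;
    import java.lang.annotation.Target;

    /**
     * Title: custom annotation
     * Description: marks whether the anti-hotlinking check is enabled
     * @author Victor
     */
    @Documented
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface AntitheftChain {

    }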

    To learn more about annotations, see: https://www.cnblogs.com/victorlyw/articles/9969072.html

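    Create the Java class SecurityAspect.java to implement the security check

    import java.lang.reflect.Method;
    import org.aspectj.lang.ProceedingJoinPoint;
    import org.aspectj.lang.annotation.Around;
    import org.aspectj.lang.annotation.Aspect;
    import org.aspectj.lang.reflect.MethodSignature;
    import org.springframework.stereotype.Component;

    /**
    * Title: security check aspect (login check)
    * @author Victor
    */
    @Component
    @Aspect
    public class SecurityAspect {
        @Around("@annotation(org.springframework.web.bind.annotation.RequestMapping)")
        public Object execute(ProceedingJoinPoint pjp) throws Throwable {
            // Get the target method from the join point
            MethodSignature methodSignature = (MethodSignature) pjp.getSignature();
            Method method = methodSignature.getMethod();
            // Is the anti-hotlinking check enabled on the target method?
            if (method.isAnnotationPresent(AntitheftChain.class)) {
                // Get the host of the referring page
                // (WebContextUtil is a helper that is not shown on this page)
                String getDomain = util.getReferer(WebContextUtil.getRequest());
                // Exact match: a prefix test would also accept other hosts
                // whose name merely begins with "localhost"
                if (!"localhost".equals(getDomain)) {
                    throw new domainException("没有认证域名");
                }
            }
            // Check passed or not required: run the target method
            return pjp.proceed();
        }
    }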

    Create the Java class domainException.java for exception handling

    /**
    * Title: hotlinking exception
    * @author Victor
    */
    public class domainException extends RuntimeException {
        private static final long serialVersionUID = 1L;

        private String msg;

        // The constructor name must match the class name
        public domainException(String msg) {
            // Pass the message on so getMessage() returns it too
            super(msg);
            this.msg = msg;
        }

        public String getMsg() {
            return msg;
        }

        public void setMsg(String msg) {
            this.msg = msg;
        }
    }

    The exception above can be handled uniformly in one place.
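
An added example (not from the original article): the host comparison done by util.getReferer and SecurityAspect, extended to an allowlist with exact matching and subdomain matching on a dot boundary. The class name RefererCheck, the host names and the subdomain policy are assumptions for illustration; it needs Java 11 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class RefererCheck {
    // Assumed allowlist; replace with the site's own host names.
    private static final Set<String> ALLOWED_HOSTS = Set.of("localhost", "www.example.com");
    // Assumed policy: any subdomain of these names is also accepted.
    private static final Set<String> ALLOWED_SUFFIXES = Set.of("example.com");

    /** Returns true only if the Referer parses as http(s) and its host is allowlisted. */
    public static boolean isAllowed(String referer) {
        if (referer == null || referer.isBlank()) {
            return false; // a missing Referer is rejected, as in the article's aspect
        }
        final URI uri;
        try {
            uri = new URI(referer.trim());
        } catch (URISyntaxException e) {
            return false; // malformed value: reject instead of guessing
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) return false;
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) return false;
        host = host.toLowerCase(Locale.ROOT); // host names are case-insensitive
        if (ALLOWED_HOSTS.contains(host)) return true;
        for (String suffix : ALLOWED_SUFFIXES) {
            // Match on a label boundary so "notexample.com" does not pass.
            if (host.endsWith("." + suffix)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample header values.
        List<String> samples = List.of(
            "http://localhost:8080/page",
            "https://img.example.com/gallery",
            "https://localhost.other.test/x",
            "https://notexample.com/",
            "not a url");
        for (String s : samples) {
            System.out.println(isAllowed(s) + "  " + s);
        }
        System.out.println(isAllowed(null) + "  (no Referer header)");
    }
}
```

The Referer header is set by the client, so this check limits embedding by other sites in ordinary browsers and is not a substitute for authentication.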

  • Original article: https://www.cnblogs.com/victorlyw/p/9969232.html