This article records a worked example of CSRF defense, offered as a reference for developers solving the same problem.
- The project uses SpringMVC + Freemarker
- Create the token generator class (CSRFTokenManager)
```java
import java.util.UUID;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * @author huangzy
 * @version $Revision: 1.0 $, $Date: October 25, 2019 4:30:43 PM $
 */
public class CSRFTokenManager {

    /**
     * The token parameter name
     */
    static final String CSRF_PARAM_NAME = "CSRFToken";

    /**
     * The location on the session which stores the token
     */
    public static final String CSRF_TOKEN_FOR_SESSION_ATTR_NAME =
            CSRFTokenManager.class.getName() + ".tokenval";

    /**
     * Returns the session's token, creating and storing one on first use.
     */
    public static String getTokenForSession(HttpSession session) {
        String token = null;
        synchronized (session) {
            token = (String) session.getAttribute(CSRF_TOKEN_FOR_SESSION_ATTR_NAME);
            if (null == token) {
                // Version 4 UUIDs are generated from SecureRandom
                token = UUID.randomUUID().toString();
                session.setAttribute(CSRF_TOKEN_FOR_SESSION_ATTR_NAME, token);
            }
        }
        return token;
    }

    /**
     * Extracts the token value from the request
     *
     * @param request the incoming request
     * @return the submitted token, or null if the parameter is absent
     */
    public static String getTokenFromRequest(HttpServletRequest request) {
        return request.getParameter(CSRF_PARAM_NAME);
    }

    // Utility class: not instantiable
    private CSRFTokenManager() {
    }
}
```
- In baseController, put the token into the model
```java
public class BaseController {
    @ModelAttribute
    public void initBase(HttpServletRequest request, Ht
```
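The steps above issue the token and expose it to the template; the server still has to compare the submitted value with the session value on every state-changing request. The interceptor below is an added example, not code from the original post: the class name `CSRFCheckInterceptor` is hypothetical, and it assumes Spring 5.x on `javax.servlet`, the `CSRFTokenManager` class shown above on the classpath, and forms that post the token in the `CSRFToken` parameter.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;

// Added example (hypothetical class name), not part of the original post.
// Assumes Spring 5.x and the CSRFTokenManager class shown above.
public class CSRFCheckInterceptor implements HandlerInterceptor {

    // Methods that must not change state and therefore carry no token.
    private static final Set<String> SAFE_METHODS =
            new HashSet<>(Arrays.asList("GET", "HEAD", "OPTIONS", "TRACE"));

    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        if (SAFE_METHODS.contains(request.getMethod())) {
            return true;
        }
        // getSession(false): a request without a session was never issued a token.
        HttpSession session = request.getSession(false);
        String sent = CSRFTokenManager.getTokenFromRequest(request);
        if (session == null || sent == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Missing CSRF token");
            return false;
        }
        // If the session holds no token yet, a fresh one is created and the check fails.
        String expected = CSRFTokenManager.getTokenForSession(session);
        if (!constantTimeEquals(expected, sent)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid CSRF token");
            return false;
        }
        return true;
    }

    // MessageDigest.isEqual does not return early at the first differing byte.
    static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                b.getBytes(StandardCharsets.UTF_8));
    }
}
```

Register the interceptor in the MVC interceptor configuration so it runs before the controllers.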