首页 诗词 字典 板报 句子 名言 友答 励志 学校 网站地图
当前位置: 首页 > 教程频道 > 网站开发 > Web前端 >

web 安全性有关问题

2013-12-26 
web 安全性问题添加过滤器,将没有用都的请求方法过滤掉,如DELETEimport java.io.IOExceptionimport java.

web 安全性问题
添加过滤器,将没有用都的请求方法过滤掉,如DELETE

import java.io.IOException;import java.util.Arrays;import java.util.List;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;public class RequestFilter implements Filter {public void init(FilterConfig config) throws ServletException {}public void destroy() {}public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) request;HttpServletResponse res = (HttpServletResponse) response;String method = req.getMethod();List<String> methodList = Arrays.asList("DELETE", "HEAD", "PUT","OPTIONS","TRACE");if (methodList.contains(method)) {res.setStatus(403);return;}chain.doFilter(request, response);}}


也可以在web.xml中设置

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"id="WebApp_ID" version="2.5"><security-constraint><web-resource-collection><url-pattern>/*</url-pattern><http-method>PUT</http-method><http-method>DELETE</http-method><http-method>HEAD</http-method><http-method>OPTIONS</http-method><http-method>TRACE</http-method></web-resource-collection><auth-constraint></auth-constraint></security-constraint><login-config><auth-method>BASIC</auth-method></login-config></web-app>

这种方式,用内嵌的jetty启动会报错,但tomcat没问题。。。未解决。。。暂时使用filter



Cookie中设置httpOnly标识
web.xml
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"id="WebApp_ID" version="2.5"><session-config><cookie-config><http-only>true</http-only></cookie-config></session-config></web-app>

也可以在 代码中设置
cookie.setHttpOnly(true);




热点排行