servlet版防盗链程序概念模型

早上起来躺床上不知道怎么突然想起防盗链这个事情,一个简单的概念系统该很简单,
获得浏览器的get请求以后查看http head的referer部分,里面的网址是否是本站地址就行。
这样只要做一个字符串比较就可以实现,这样可以保护链接,但是如果别人获得文件的绝对地址这个方法恐怕就无法阻止盗链了,文件默认是由web服务器还进行处理,像apache简单设置就可以防盗链,光检查referer部分是不善的,http head本来是由客户端提供,很容易伪造,flashget在下载的时候就可以设置引用页面,而且新版flashget在不提供引用页的请客下把网址去掉下载文件名后的其他部分当然referer发给服务器,这时候就需要加上session或cookie的保护的,servlet通过内部io是可以在不发送文件真是地址的情况下发送文件的。具体实现部分稍后发布
2006-09-01 v0.1
[codes=java]
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;

public class DownLoadServlet extends javax.servlet.http.HttpServlet
{
public void doGet(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
throws javax.servlet.ServletException, java.io.IOException
{
//RequestDispatcher rd = getServletContext().getRequestDispatcher("/Login");
//rd.forward(request, response);
HttpSession session = request.getSession();
request.setCharacterEncoding("gbk");
//response.setCharacterEncoding("gbk");

   String t=null;
   //String email="kong2";
   if (session==null)
     response.sendRedirect("Login");
     //rd.forward(request, response);
   else {
     String loggedIn = (String) session.getAttribute("loggedIn");
     
     if (loggedIn==null||!loggedIn.equals("true"))
       response.sendRedirect("Login");
      // rd.forward(request, response);

   }
//int n=request.getHeader("referer").indexOf("localhost");
if (request.getHeader("referer") != null)
{
if (request.getHeader("referer").indexOf("localhost")> 0)
{
String filename=request.getParameter("filename");
String s = "d:\\"+filename;
//String s = "e:\\tree.mdb";

//java.io.RandomAccessFile raf = new java.io.RandomAccessFile(s,"r");

java.io.File f = new java.io.File(s);
java.io.FileInputStream fis = new java.io.FileInputStream(f);

//response.reset();

response.setHeader("Server", "playyuer@Microshaoft.com");
response.setHeader("Accept-Ranges", "bytes");

long p = 0;
long l = 0;
//l = raf.length();
l = f.length();

if (request.getHeader("Range") != null)
{
response.setStatus(javax.servlet.http.HttpServletResponse.SC_PARTIAL_CONTENT);//206
p = Long.parseLong(request.getHeader("Range").replaceAll("bytes=","").replaceAll("-",""));
}

response.setHeader("Content-Length", new Long(l – p).toString());

if (p != 0)
{
response.setHeader("Content-Range","bytes " + new Long(p).toString() + "-" + new Long(l -1).toString() + "/" + new Long(l).toString());
}
//response.setLocale(Locale.CHINA);
//response.setContentType("text/html;charset=GB2312");
//response.setHeader("Connection", "Close"); //如果有此句话不能用 IE 直接下载
String sr=f.getName();
String tf=new String(sr.getBytes("gbk"),"ISO8859_1");
response.setHeader("Content-Disposition", "attachment;filename=\"" +tf+ "\"");
response.setContentType("application/octet-stream");

//response.setHeader("Content-Disposition", "attachment;filename=\"" + s.substring(s.lastIndexOf("\\") + 1) + "\"");
//response.setHeader("Content-Disposition", "attachment;filename=\"" + f.getName() + "\"");

//raf.seek(p);
fis.skip(p);

byte[] b = new byte[1024];
int i;

//while ( (i = raf.read(b)) != -1 )
while ( (i = fis.read(b)) != -1 )
{
response.getOutputStream().write(b,0,i);
}
//raf.close();
fis.close();
}
else
{
response.setContentType("text/html; charset=gb2312");
java.io.PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head><title>盗链可耻1</title></head>");
out.println("<body>");
out.println("<p>盗链可耻! 请注意地址栏中如果是 http://localhost</p>");
out.println("<p>正常情况下是第三次点击真正下载</p>");
//out.println(n);
out.println("REFERER :&nbsp;" + request.getHeader("REFERER"));
//out.println("<p><A HREF='http://localhost>http://localhost:8180/examples/basic/servlet/DownLoadServlet' target='_blank'>请点击这里下载</A> </p>");
out.println("</body></html>");
}
}
else
{
response.setContentType("text/html; charset=gb2312");
java.io.PrintWriter out = response.getWriter(); //Servlet
out.println("<html>");
out.println("<head><title>盗链可耻2</title></head>");
out.println("<body>");
out.println("<p>盗链可耻! 请注意地址栏中如果是 http://localhost</p>");
out.println("<p>正常情况下是第三次点击真正下载</p>");
out.println("REFERER :&nbsp;" + request.getHeader("REFERER"));
//out.println("<p><A HREF='http://localhost:8180/examples/basic/servlet/DownLoadServlet' target='_blank'>清点击这里下载</A> </p>");
out.println("</body></html>");
}
}
}
[/codes]

发表评论

电子邮件地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据