Setting the HttpOnly attribute on cookies
Setting the HttpOnly attribute on a cookie stops client-side JavaScript (document.cookie) from reading it, so a session ID stored in an HttpOnly cookie cannot be exfiltrated by an XSS payload. It does not prevent the XSS itself, and the browser still sends the cookie with every request, so it is a containment measure, not a fix for the injection. On Servlet 3.0 and later containers the attribute is set with Cookie.setHttpOnly(true), or for the session cookie with the <http-only> element under <session-config>/<cookie-config> in web.xml; Tomcat 6.0.19 and later can also do it for JSESSIONID with useHttpOnly="true" on the Context. The filter below is the workaround for Servlet 2.5 and older, where the Cookie class has no HttpOnly support: it re-issues the JSESSIONID cookie by hand with the attribute appended.
Create the filter (interceptor) class
CookieHttpOnlyFilter
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * <P>Interceptor class that sets the HttpOnly attribute on the session cookie.</P>
 *
 * @author hnnc
 * @author $Author$
 * @version $Id$
 */
public class CookieHttpOnlyFilter implements Filter {

    /** Name of the container's session cookie. */
    private static final String SESSION_COOKIE = "JSESSIONID";

    /** {@inheritDoc} */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;

        // Only act when the client actually sent a session cookie. Looking it up by name
        // instead of taking cookies[0] avoids keying off whatever cookie happens to come first.
        if (hasCookie(httpReq, SESSION_COOKIE)) {
            // getSession() creates the session if the cookie is stale, so the hardened header
            // below goes out in the same response as the container's own Set-Cookie.
            HttpSession session = httpReq.getSession();
            String sessionId = session.getId();
            // Re-issue the session cookie with HttpOnly. Path must match the web application's
            // context path (here /admin). Over HTTPS also set Secure, so the cookie is never
            // sent in clear text.
            String attributes = httpReq.isSecure()
                    ? ";Path=/admin;Secure;HttpOnly"
                    : ";Path=/admin;HttpOnly";
            httpResp.addHeader("Set-Cookie", SESSION_COOKIE + "=" + sessionId + attributes);
        }
        chain.doFilter(httpReq, httpResp);
    }

    /** Returns true when the request carries a cookie with the given name. */
    private static boolean hasCookie(HttpServletRequest req, String name) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null) {
            return false;
        }
        for (Cookie cookie : cookies) {
            if (name.equals(cookie.getName())) {
                return true;
            }
        }
        return false;
    }

    /** {@inheritDoc} */
    public void destroy() {
    }

    /** {@inheritDoc} */
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}
Register the filter in web.xml. The url-pattern /* applies it to every request of the web application; filter-class must be the fully qualified name of the class above (the package shown here is the one used by this project).
<filter>
    <filter-name>CookieHttpOnly</filter-name>
    <filter-class>jp.co.univ.www.admin.filter.CookieHttpOnlyFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CookieHttpOnly</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
References:
http://conkeyn.iteye.com/blog/2025484
http://blog.csdn.net/a19881029/article/details/27536917