CSRF攻击防御---验证HTTP Referer

HTTP Referer是header的一部分，当浏览器向web服务器发送请求的时候，会带上Referer，通过验证Referer，可以判断请求的合法性，如果Referer是其他网站的话，就有可能是CSRF攻击，则拒绝该请求。

/**
 * @author Cheng.Wei
 * @ClassName ReferrerInterceptor
 * @Description CSRF攻击处理
 * @date 2017-08-04 14:11
 */
public class ReferrerInterceptor implements HandlerInterceptor {
    static final Logger logger = LogManager.getLogger(ReferrerInterceptor.class);
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String referrer = request.getHeader("referer");
        logger.debug("referrer:{}",referrer);
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(request.getScheme()).append("://").append(request.getServerName());
        logger.debug("basePath:{}",stringBuffer);
        if(referrer==null||referrer.equals("")||referrer.lastIndexOf(String.valueOf(stringBuffer))==0){
            return true;
        }
        else{
            return false;
        }
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}