1.在web.xml中配置filter过滤器
<filter>
<filter-name>cookieFilter</filter-name>
<filter-class>com.xxx.commonsys.interceptor.CookieFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cookieFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2.CookieFilter.java文件内容
/*
* CookieFilter.java Created On 2015-8-12
* Copyright(c) 2014 BroadText Inc.
* ALL Rights Reserved.
*/
package com.xxx.commonsys.interceptor;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* CookieFilter
*
* @time: 下午2:56:51
* @author xxx
*/
public class CookieFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
//cookieFilter
Cookie[] cookies = req.getCookies();
//应用程序未容错漏洞修复 2016-08-30 xxx begin
String url = req.getRequestURI();
//*****判断异步请求和普遍请求*****
String if_flag = req.getHeader("X-Requested-With");
//不是ajax请求
if (if_flag == null) {
if ("/itos/bfapp/buffalo/cpMainServiceAjax".equals(url) ||
"/itos/bfapp/buffalo/dmMainServiceAjax".equals(url)) {
//*****重定向*****
resp.sendRedirect(req.getContextPath()+"/pages/common/500.jsp");
return;
}
}
//应用程序未容错漏洞修复 2016-08-30 xxx end
if (cookies != null) {
Cookie cookie = cookies[0];
if (cookie != null) {
/*
* cookie.setMaxAge(3600);
* cookie.setSecure(true);
* resp.addCookie(cookie);
*/
// Servlet 2.5不支持在Cookie上直接设置HttpOnly属性
String value = cookie.getValue();
StringBuilder builder = new StringBuilder();
builder.append("JSESSIONID=" + value + "; ");
builder.append("Secure; ");
builder.append("HttpOnly; ");
Calendar cal = Calendar.getInstance();
cal.add(Calendar.HOUR, 1);
Date date = cal.getTime();
Locale locale = Locale.US;
SimpleDateFormat sdf = new SimpleDateFormat(
"dd-MM-yyyy HH:mm:ss", locale);
builder.append("Expires=" + sdf.format(date));
resp.setHeader("Set-Cookie", builder.toString());
}
}
}
public void destroy() {
}
public void init(FilterConfig arg0) throws ServletException {
}
}