CSRF攻击防御---验证HTTP Referer

HTTP Referer是header的一部分，当浏览器向web服务器发送请求的时候，会带上Referer，通过验证Referer，可以判断请求的合法性，如果Referer是其他网站的话，就有可能是CSRF攻击，则拒绝该请求。
request.getSchema()可以返回当前页面使用的协议，http 或是 https;
request.getServerName()可以返回当前页面所在的服务器的名字;

public class ReferrerInterceptor implements HandlerInterceptor {
    static final Logger logger = LogManager.getLogger(ReferrerInterceptor.class);
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String referrer = request.getHeader("referer");
        logger.debug("referrer:{}",referrer);
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(request.getScheme()).append("://").append(request.getServerName());
        logger.debug("basePath:{}",stringBuffer);
        if(referrer==null||referrer.equals("")||referrer.lastIndexOf(String.valueOf(stringBuffer))==0){
            return true;
        }
        else{
            return false;
        }
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}