Cross-site request forgery
Write a filter; its doFilter method is shown below. The code is as follows:
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class CsrfRefererFilter implements Filter {

    // The original left the argument of this indexOf() empty; the servlet path that may be
    // entered without a Referer header is a placeholder here and must be filled in.
    private static final String REFERER_EXEMPT_PATH = "/PLACEHOLDER_PATH";

    public void init(FilterConfig filterConfig) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession();
        String referer = request.getHeader("Referer");
        String basePath = request.getContextPath();
        Object username = session.getAttribute("username");

        if (username == null || username.toString().isEmpty()) {
            // Not logged in: only the login action may pass, and only when the Referer
            // points back into this application.
            if (request.getServletPath().indexOf("/loginExcute.xhtml") == -1) {
                req.getRequestDispatcher("/login.jsp").forward(req, response);
            } else if (referer != null && referer.indexOf(basePath) != -1) {
                chain.doFilter(req, res);
            } else {
                req.getRequestDispatcher("/login.jsp").forward(req, response);
            }
        } else {
            // Logged in: the exempt path may be reached without a Referer; everything else
            // needs a Referer that contains the context path. Note that a substring match
            // only inspects the path component, not the scheme, host or port of the referrer.
            if (referer == null && request.getServletPath().indexOf(REFERER_EXEMPT_PATH) != -1) {
                chain.doFilter(req, res);
            } else if (referer != null && referer.indexOf(basePath) != -1) {
                chain.doFilter(req, res);
            } else {
                req.getRequestDispatcher("/login.jsp").forward(req, res);
            }
        }
    }

    public void destroy() { }
}
In this code, forward could be replaced with sendRedirect, and the indexOf check could be written with the contains method.
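The filter above accepts any Referer value that merely contains the context path. As an added example (not the page's code), the following compares the Referer's scheme, host and port against the application's own origin instead; the origin "https://app.example", the context path "/myapp" and the sample Referer values are constructed for this example.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not the page's own code: the filter above accepts any Referer that
// merely contains the context path; this compares scheme, host and port instead.
public final class RefererCheck {
    // The page's check: true whenever basePath occurs anywhere in the Referer string.
    static boolean substringCheck(String referer, String basePath) {
        return referer != null && referer.indexOf(basePath) != -1;
    }

    // Stricter check: absolute Referer whose scheme, host and port match the
    // application's own origin and whose path lies under the context path.
    static boolean originCheck(String referer, String expectedOrigin, String basePath) {
        if (referer == null) return false;
        try {
            URI ref = new URI(referer);
            URI own = new URI(expectedOrigin);
            if (ref.getScheme() == null || ref.getHost() == null) {
                return false; // relative or malformed value: reject
            }
            boolean sameOrigin = ref.getScheme().equalsIgnoreCase(own.getScheme())
                    && ref.getHost().equalsIgnoreCase(own.getHost())
                    && portOf(ref) == portOf(own);
            String path = ref.getPath() == null ? "" : ref.getPath();
            return sameOrigin && (path.equals(basePath) || path.startsWith(basePath + "/"));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // Explicit port, or the scheme's default when none is given.
    private static int portOf(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    public static void main(String[] args) {
        // Constructed sample values (assumed origin and context path for this example).
        String basePath = "/myapp", origin = "https://app.example";
        String[] referers = {
            "https://app.example/myapp/index.xhtml",  // same origin: both checks pass
            "https://other.example/myapp/page.html",  // other host: substring check still passes
            "/myapp/index.xhtml", null };             // relative / absent: origin check rejects
        for (String r : referers)
            System.out.printf("%-40s substring=%-5b origin=%b%n",
                    r, substringCheck(r, basePath), originCheck(r, origin, basePath));
    }
}
```

Inside the filter, expectedOrigin would be derived from the deployment configuration rather than from the request, so that the comparison does not depend on client-controlled headers.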
Code author: tangsl