大家好,又见面了,我是你们的朋友全栈君。
web.xml配置
<filter>
<filter-name>XSSFilter</filter-name>
<filter-class>com.xxx.filter.NewXssFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>XSSFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>XSSFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>添加XSS过滤器,NewXssFilter.java
package com.xxx.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.picc.platform.common.utils.NewXssHttpServletRequestWrapper;
public class NewXssFilter implements Filter {
FilterConfig filterConfig = null;
public void destroy() {
this.filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
NewXssHttpServletRequestWrapper NewXssrequest = new NewXssHttpServletRequestWrapper((HttpServletRequest)request);
HttpServletResponse NewXssresponse = (HttpServletResponse)response;
chain.doFilter(NewXssrequest, NewXssresponse);
}
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
}
NewXssHttpServletRequestWrapper.java
package com.xxx.common.utils;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringEscapeUtils;
public class NewXssHttpServletRequestWrapper extends HttpServletRequestWrapper {
HttpServletRequest orgRequest = null;
public NewXssHttpServletRequestWrapper(HttpServletRequest request) {
super(request);
// TODO Auto-generated constructor stub
orgRequest = request;
}
public String getParameter(String name) {
String value = super.getParameter(xssEncode(name));
if (value != null) {
value = xssEncode(value);
}
return value;
}
public String getHeader(String name) {
String value = super.getHeader(xssEncode(name));
if (value != null) {
value = xssEncode(value);
}
return value;
}
public Map<String, String[]> getParameterMap() {
Map<String, String[]> paramMap = super.getParameterMap();
Set<String> keySet = paramMap.keySet();
for (Iterator iterator = keySet.iterator(); iterator.hasNext();) {
String key = (String) iterator.next();
String[] str = paramMap.get(key);
for (int i = 0; i < str.length; i++) {
str[i] = xssEncode(str[i]);
}
}
return paramMap;
}
private static String xssEncode(String s) {
if (s == null || s.isEmpty()) {
return s;
}
return StringEscapeUtils.escapeHtml4(s);
}
/**
* 获取最原始的request
*
* @return
*/
public HttpServletRequest getOrgRequest() {
return orgRequest;
}
/**
* 获取最原始的request的静态方法
*
* @return
*/
public static HttpServletRequest getOrgRequest(HttpServletRequest req) {
if (req instanceof NewXssHttpServletRequestWrapper) {
return ((NewXssHttpServletRequestWrapper) req).getOrgRequest();
}
return req;
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/139826.html原文链接:https://javaforall.cn
【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛
【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...
