
康复计划

yeshijie 4 years ago
parent
commit
321ff3a7d6

+ 13 - 0
svr/svr-iot/src/main/java/com/yihu/iot/config/MvcConfig.java

@ -1,10 +1,13 @@
package com.yihu.iot.config;
import com.yihu.iot.interceptor.CrosXssFilter;
import com.yihu.iot.interceptor.GateWayInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@ -31,4 +34,14 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
        super.addInterceptors(registry);
        logger.info("init gateWayInterceptor");
    }
    @Bean
    public FilterRegistrationBean testFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new CrosXssFilter());
        registration.addUrlPatterns("/*");
        registration.setName("CrosXssFilter");
        registration.setOrder(1);
        return registration;
    }
}
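Review bot: The bean method `testFilterRegistration` is named like leftover test code, yet it installs a request-rewriting filter on `/*` for every request. A name such as `crosXssFilterRegistration`, with a short Javadoc saying what the filter does and why order 1 was chosen, would make the intent reviewable. `FilterRegistrationBean` is also used as a raw type; on Spring Boot versions where the class is generic, `FilterRegistrationBean<CrosXssFilter>` avoids the unchecked warning. Whether order 1 runs this filter before or after the application's other filters cannot be seen from this hunk and is worth confirming. The MvcConfig class body starts outside the hunk.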

+ 1 - 2
svr/svr-iot/src/main/java/com/yihu/iot/interceptor/CrosXssFilter.java

@ -5,14 +5,13 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
/**
 * Created by yeshijie on 2020/9/2.
 */
@WebFilter(filterName = "CrosXssFilter", urlPatterns = { "/*" })
//@WebFilter(filterName = "CrosXssFilter", urlPatterns = { "/*" })
public class CrosXssFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(CrosXssFilter.class);
    @Override
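Review bot: The commented-out `@WebFilter` line leaves dead code behind, and `import javax.servlet.annotation.WebFilter;` appears to be unused once the annotation is disabled. Deleting both and replacing them with a one-line class comment such as `// Registered explicitly in MvcConfig (FilterRegistrationBean), so no @WebFilter here.` would record where the filter's name and URL mapping now live. The class body continues outside the hunk.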

+ 1 - 1
svr/svr-iot/src/main/java/com/yihu/iot/interceptor/XssHttpServletRequestWrapper.java

@ -16,7 +16,7 @@ import java.util.Set;
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private static String key = "and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+";
    private static String key = "select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|*|%";
    private static Set<String> notAllowedKeyWords = new HashSet<String>(0);
    private static String replacedString="INVALID";
    static {
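Review bot: The second `key` line (apparently the new value) spells `trancate`, so the `truncate` keyword that the previous list covered is no longer matched, and `into` is listed twice; the entry should read `...|insert|truncate|char|into|substr|...` with the duplicate removed. The list holds SQL keywords although the class is named as an XSS wrapper, and short words such as `and` and `or` also occur in legitimate input, so how the matching code outside this hunk splits and compares them decides whether ordinary values get rewritten to `INVALID`. A keyword deny list is a weak backstop at best; parameterized queries and output encoding at the point of use are the controls that actually prevent SQL injection and XSS. The class body continues outside the hunk.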