package com.landtool.lanbase.common.xss;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
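/**
 * Servlet filter for XSS filtering: wraps selected requests in
 * {@link XssHttpServletRequestWrapper} before passing them down the chain.
 *
 * <p>A request is wrapped only when its URI contains no {@code '.'} and does not contain the
 * configured exclusion substring. Every other request is forwarded unchanged.
 *
 * @author lanbase
 * @date 2017-6-23 15:07
 */
public class XssFilter implements Filter {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    // URI substring excluded from XSS wrapping; null or empty means "exclude nothing".
    private final String exclude;

    /**
     * Creates the filter.
     *
     * @param exclude substring of the request URI; requests whose URI contains it are forwarded
     *     without the XSS wrapper. {@code null} or an empty string disables the exclusion.
     */
    public XssFilter(String exclude) {
        this.exclude = exclude;
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig config) throws ServletException {
    }

    /**
     * Forwards the request down the chain, wrapped in {@link XssHttpServletRequestWrapper}
     * unless the URI contains a dot or the exclusion substring.
     *
     * @param request the incoming request
     * @param response the outgoing response, passed through untouched
     * @param chain the remaining filter chain
     * @throws IOException if a downstream filter or servlet throws it
     * @throws ServletException if a downstream filter or servlet throws it
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Non-HTTP requests cannot be wrapped; pass them on instead of failing on the cast.
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String uri = httpRequest.getRequestURI();
        logger.debug("doFilter----uri:{}", uri);

        // String.contains("") is always true and contains(null) throws, so an unset or blank
        // exclusion would either switch the filter off for every request or fail each request.
        // Treat both as "no exclusion configured".
        boolean excluded = exclude != null && !exclude.isEmpty() && uri.contains(exclude);

        // NOTE(review): both skip conditions are substring tests on getRequestURI(), which is the
        // raw, undecoded path supplied by the client (path parameters included). They are
        // therefore not a reliable boundary for deciding which handlers receive wrapped input.
        // Consider matching the container-normalised servlet path against an explicit list of
        // static-resource prefixes or extensions, or wrapping every request. Output encoding at
        // render time should remain the primary XSS defence either way.
        if (uri.indexOf('.') == -1 && !excluded) {
            // XssHttpServletRequestWrapper is defined elsewhere; presumably it sanitises
            // request values. Confirm against its source.
            chain.doFilter(new XssHttpServletRequestWrapper(httpRequest), response);
        } else {
            chain.doFilter(request, response);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}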