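package com.landtool.lanbase.common.xss;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Servlet filter for XSS filtering: hands selected requests to the rest of the
 * chain wrapped in an {@link XssHttpServletRequestWrapper}.
 *
 * <p>A request is wrapped when its URI path contains no {@code '.'} and does not
 * contain the configured exclude string; every other request is passed through
 * unchanged. The wrapper class is defined elsewhere; presumably it sanitises
 * parameter and header values (confirm against its source).
 *
 * <p>NOTE(review): both skip rules are coarse and decide whether input filtering
 * runs at all.
 * <ul>
 *   <li>The dot rule skips every URI that contains a {@code '.'} anywhere, not
 *       only static resources. If the application's routing also serves dynamic
 *       handlers under dotted paths, those handlers receive unwrapped requests.
 *       An explicit list of static prefixes or extensions would be tighter.</li>
 *   <li>The exclude rule is a substring match over the whole path, so it matches
 *       more than one exact URL. A prefix or exact match on the path would be
 *       tighter.</li>
 * </ul>
 * Request-side filtering does not replace context-aware output encoding in the views.
 *
 * @author lanbase
 * @date 2017-6-23 15:07
 */
public class XssFilter implements Filter {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    // URL fragment excluded from wrapping; null or empty means "exclude nothing".
    private final String exclude;

    /**
     * Creates the filter.
     *
     * @param exclude substring of the request path for which wrapping is skipped;
     *                {@code null} or empty disables the exclusion
     */
    public XssFilter(String exclude) {
        this.exclude = exclude;
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig config) throws ServletException {
    }

    /**
     * Passes the request down the chain, wrapped in an
     * {@link XssHttpServletRequestWrapper} unless one of the skip rules applies.
     *
     * @param request  incoming request; non-HTTP requests are passed through untouched
     * @param response response handed to the chain unchanged
     * @param chain    remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // The wrapper needs an HttpServletRequest; anything else is forwarded as-is
        // instead of failing with a ClassCastException.
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String uri = httpRequest.getRequestURI();
        logger.debug("doFilter----uri:{}", uri);

        if (shouldWrap(uri)) {
            chain.doFilter(new XssHttpServletRequestWrapper(httpRequest), response);
        } else {
            chain.doFilter(request, response);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Decides whether a request with the given URI gets the XSS wrapper.
     *
     * <p>The decision fails safe: a missing URI or a missing/empty exclude value
     * results in wrapping. Previously a {@code null} exclude raised a
     * NullPointerException and an empty exclude matched every URI, which switched
     * the filter off for all requests.
     */
    private boolean shouldWrap(String uri) {
        // Path parameters (";name=value") are client-supplied and are not part of
        // the route, so they must not be able to trigger either skip rule.
        String path = stripPathParameters(uri == null ? "" : uri);

        if (path.indexOf('.') != -1) {
            return false;
        }
        boolean hasExclude = exclude != null && !exclude.isEmpty();
        return !(hasExclude && path.contains(exclude));
    }

    /** Removes the ";..." path-parameter suffix from every segment of the URI. */
    private static String stripPathParameters(String uri) {
        if (uri.indexOf(';') == -1) {
            return uri;
        }
        StringBuilder path = new StringBuilder(uri.length());
        boolean inParameter = false;
        for (int i = 0; i < uri.length(); i++) {
            char c = uri.charAt(i);
            if (c == '/') {
                inParameter = false;
            } else if (c == ';') {
                inParameter = true;
            }
            if (!inParameter) {
                path.append(c);
            }
        }
        return path.toString();
    }
}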