XssFilter 过滤器
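/**
 * Servlet filter that hands the rest of the chain an {@link XssHttpServletRequestWrapper}
 * instead of the raw request, unless the filter is disabled or the request's servlet path
 * matches one of the configured exclude patterns.
 *
 * <p>Configuration is read from two init parameters:
 * <ul>
 *   <li>{@code enabled}: parsed as a boolean; filtering is off unless this is {@code "true"}.</li>
 *   <li>{@code excludes}: comma-separated regular expressions, each matched as a prefix of
 *       the servlet path.</li>
 * </ul>
 *
 * <p>NOTE(review): the filter fails open. A missing or misspelled {@code enabled} parameter
 * leaves every request unwrapped, so deployments should set it explicitly and verify it.
 * The wrapper is defined elsewhere; this filter is only as strong as that wrapper and
 * does not replace output encoding.
 */
public class XssFilter implements Filter {
    /** Master switch; when {@code false} every request bypasses the wrapper. */
    public boolean enabled = false;

    /** Regular expressions for servlet paths that bypass the wrapper. */
    public List<String> excludes = new ArrayList<>();

    /**
     * Reads the {@code enabled} and {@code excludes} init parameters.
     *
     * <p>Exclude entries are trimmed and blank entries are dropped. A blank entry
     * (for example from {@code ",/static"} or {@code "/a,,/b"}) would otherwise compile
     * to the pattern {@code "^"}, which matches every path and silently turns the
     * filter off for the whole application.
     *
     * @param filterConfig container-supplied configuration for this filter
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String enabledParam = filterConfig.getInitParameter("enabled");
        String excludesParam = filterConfig.getInitParameter("excludes");
        if (StringUtils.isNotEmpty(enabledParam)) {
            enabled = Boolean.parseBoolean(enabledParam);
        }
        if (StringUtils.isNotEmpty(excludesParam)) {
            for (String entry : excludesParam.split(",")) {
                String trimmed = entry.trim();
                if (!trimmed.isEmpty()) {
                    excludes.add(trimmed);
                }
            }
        }
    }

    /**
     * Passes excluded requests through untouched and wraps all others before continuing
     * the chain.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response, forwarded unchanged
     * @param chain    remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        if (handleExcludeURL(req)) {
            chain.doFilter(request, response);
            return;
        }
        chain.doFilter(new XssHttpServletRequestWrapper(req), response);
    }

    /**
     * Decides whether a request bypasses the XSS wrapper.
     *
     * <p>Each exclude entry is a regular expression anchored only at the start
     * ({@code "^" + entry} with {@code find()}), so {@code /public} also excludes
     * {@code /publicity}. Entries should be kept as narrow as possible and ended with
     * {@code /} or {@code $} where an exact boundary is intended.
     *
     * @param request request whose servlet path is tested
     * @return {@code true} when the filter is disabled or the path matches an exclude
     */
    private boolean handleExcludeURL(HttpServletRequest request) {
        if (!enabled) {
            return true;
        }
        if (excludes == null || excludes.isEmpty()) {
            return false;
        }
        // getServletPath() carries neither extra path info nor the query string, so
        // excludes are matched against the servlet-mapping part of the URL only.
        String url = request.getServletPath();
        for (String pattern : excludes) {
            // The list is public and may be altered after init(); a blank entry must
            // never become the match-everything pattern "^".
            if (pattern == null || pattern.trim().isEmpty()) {
                continue;
            }
            if (Pattern.compile("^" + pattern).matcher(url).find()) {
                return true;
            }
        }
        return false;
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}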