在项目运行过程中,常会遇到客户把项目交给第三方做漏洞检测的情况。检测方大多会提出同一个问题:要求把除 GET、POST 之外的请求方式全部屏蔽。本篇文章讲一下如何屏蔽。
SpringBoot项目中可以使用filter过滤器来拦截请求
书写一个 HttpMethodFilter 过滤器
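/**
 * Servlet filter that lets only GET and POST requests continue down the filter chain and
 * answers every other HTTP method with 405 Method Not Allowed.
 *
 * <p>Operational caveats for anyone adopting this filter:
 * <ul>
 *   <li>OPTIONS is rejected too, so CORS preflight requests fail. If browsers call this
 *       application cross-origin, OPTIONS has to be allowed as well.</li>
 *   <li>HEAD is rejected too. Check that load balancers and monitoring probes do not rely
 *       on it.</li>
 *   <li>{@code @WebFilter} only takes effect when servlet component scanning is enabled. If
 *       the filter is also registered through a {@code FilterRegistrationBean}, it ends up
 *       registered twice, so keep one mechanism. NOTE(review): {@code @Order} is, as far as
 *       Spring Boot documents it, not used to order {@code @WebFilter} registrations. Set the
 *       order on the registration bean instead.</li>
 * </ul>
 */
@Order(0)
@WebFilter(filterName="methodFilter", urlPatterns="/*")
public class HttpMethodFilter implements Filter {

    /** Value of the {@code Allow} header sent with every 405 response. */
    private static final String ALLOWED_METHODS = "GET, POST";

    /**
     * Filter initialisation hook. Nothing to set up.
     *
     * @param filterConfig configuration supplied by the container (unused)
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No initialisation required.
    }

    /**
     * Passes GET and POST requests on and rejects everything else with status 405.
     *
     * @param request the incoming request; must be an {@code HttpServletRequest}
     * @param response the outgoing response; must be an {@code HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException if a downstream filter or servlet fails with an I/O error
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // The casts assume an HTTP request; any other ServletRequest type fails here with
        // a ClassCastException instead of being passed through unchecked.
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String method = httpRequest.getMethod();
        // NOTE(review): HTTP method tokens are case-sensitive, so "get" is not the standard
        // GET method. The case-insensitive comparison is kept for compatibility; switch to
        // equals() if lower-case method tokens should be rejected as well.
        if ("POST".equalsIgnoreCase(method) || "GET".equalsIgnoreCase(method)) {
            chain.doFilter(request, response);
            return;
        }

        // A 405 response is required to list the methods the resource supports, so
        // clients and scanners can see what is permitted.
        httpResponse.setHeader("Allow", ALLOWED_METHODS);
        httpResponse.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }

    /** Filter teardown hook. Nothing to release. */
    @Override
    public void destroy() {
        // No resources to release.
    }
}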
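将过滤器注册到 Spring 容器(通过 FilterRegistrationBean 注册;如果项目同时启用了 @ServletComponentScan,@WebFilter 注解会让同一个过滤器被重复注册,两种方式保留一种即可)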
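/**
 * Registers {@link HttpMethodFilter} with the embedded servlet container.
 */
@Configuration
public class CustomFilterConfig {

    /**
     * Builds the registration for the HTTP method filter, mapped to every URL.
     *
     * <p>The order is set on the registration itself: the filter instance is created with
     * {@code new}, so the {@code @Order(0)} annotation on the filter class does not decide
     * where this registration sits in the chain. Without an explicit order the registration
     * keeps the default (lowest) precedence, and disallowed methods would pass through other
     * filters before being rejected.
     *
     * @return the registration bean for {@link HttpMethodFilter}
     */
    @Bean
    public FilterRegistrationBean<HttpMethodFilter> httpMethodFilterFilterRegistrationBean(){
        FilterRegistrationBean<HttpMethodFilter> registrationBean = new FilterRegistrationBean<>();
        registrationBean.setFilter(new HttpMethodFilter());
        // Apply the filter to every request path.
        registrationBean.addUrlPatterns("/*");
        // Same value the filter class declares with @Order(0); lower values run earlier.
        registrationBean.setOrder(0);
        return registrationBean;
    }
}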