步骤:
pom添加maven依赖
自定义过滤器Filter拦截请求,并对请求参数进行xss过滤处理
具体实现如下:
1. pom添加依赖
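<!-- 注意:@WebFilter 属于 Servlet 3.0+ API,servlet-api 2.5 不包含该注解;两个依赖同时存在时请确认编译时实际使用的是哪一个 -->
<dependency>
    <groupId>org.apache.tomcat</groupId>
    <artifactId>tomcat-servlet-api</artifactId>
    <version>8.0.36</version>
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>servlet-api</artifactId>
    <version>2.5</version>
    <scope>provided</scope>
</dependency>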
2. 自定义过滤器Filter,并对请求Request进行xss过滤处理
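/**
 * Servlet filter that hands every request, except those on an exact-match
 * allowlist, to the downstream chain wrapped in {@code XSSRequestWrapper}.
 *
 * <p>The sanitising logic lives in {@code XSSRequestWrapper}, which is not
 * shown here; this class only decides which requests get wrapped. Which
 * inputs are covered (query/form parameters, headers, request body) depends
 * entirely on that wrapper.
 *
 * <p>Request-side filtering is a defence-in-depth measure. It does not
 * replace context-aware output encoding in the views or API responses that
 * render the data.
 *
 * <p>NOTE(review): {@code @WebFilter} is normally picked up through
 * {@code @ServletComponentScan}; confirm that {@code @SpringBootConfiguration}
 * is the intended way to register this filter, and that it is not registered
 * twice.
 */
@SpringBootConfiguration
@WebFilter(filterName = "XssFilter", urlPatterns = {"/*"})
public class XssFilter implements Filter {

    /**
     * Paths, relative to the context path and without trailing slashes, that
     * bypass XSS filtering.
     *
     * <p>Presumably payment-provider callbacks whose payload must reach the
     * handler unmodified - confirm. Handlers on these paths receive raw,
     * unfiltered input and must validate and encode it themselves.
     */
    private static final Set<String> ALLOWED_PATHS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("/pay/wxNotify", "/pay/alNotify", "/pay/gateway")));

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Intentionally empty.
    }

    /**
     * Passes allowlisted requests through unchanged and wraps all others in
     * {@code XSSRequestWrapper} before continuing the chain.
     *
     * @param req   incoming request; must be an {@code HttpServletRequest}
     * @param resp  outgoing response; must be an {@code HttpServletResponse}
     * @param chain remaining filter chain
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException if the request or response is not HTTP, or
     *                          propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        // Fail closed with a declared exception instead of an unchecked ClassCastException.
        if (!(req instanceof HttpServletRequest) || !(resp instanceof HttpServletResponse)) {
            throw new ServletException("XssFilter only supports HTTP requests");
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // The path is taken from the raw request URI (not decoded, path
        // parameters included) with the context path and trailing slashes
        // removed. Matching is exact, so any variant spelling of an
        // allowlisted path falls through to the filtered branch.
        String path = request.getRequestURI()
                .substring(request.getContextPath().length())
                .replaceAll("[/]+$", "");

        if (ALLOWED_PATHS.contains(path)) {
            chain.doFilter(request, response);
        } else {
            chain.doFilter(new XSSRequestWrapper(request), response);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
        // Intentionally empty.
    }
}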
----------------------------------------------------------