springboot request参数过滤(XSS漏洞)
项目搭建
保证eclipse +maven项目能够运行(基于filter过滤request参数)
filter过滤配置
package com.li.springboot.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
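/**
 * Servlet filter mapped to all URLs that swaps the incoming request for a filtering
 * wrapper before the rest of the chain reads it.
 *
 * <p>POST requests are wrapped in {@code PostRequestWrapper}; every other HTTP method is
 * wrapped in {@code GetRequestWrapper}.
 *
 * <p>NOTE(review): in a Spring Boot application on an embedded container, {@code @WebFilter}
 * classes are only registered when servlet component scanning ({@code @ServletComponentScan})
 * is enabled or the filter is declared as a bean. Confirm this filter is actually registered;
 * otherwise requests reach the controllers unfiltered.
 *
 * <p>NOTE(review): sanitising request input complements, and does not replace, encoding values
 * for the context they are written into when the response is rendered.
 */
@WebFilter(filterName = "filter01", urlPatterns = {"/*"})
public class MyFilter implements Filter {

    /** No initialisation is needed; the filter keeps no state. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Intentionally empty.
    }

    /**
     * Wraps the request according to its HTTP method and passes the wrapper down the chain.
     *
     * @param request the incoming request; must be an {@link HttpServletRequest}
     * @param response the response, passed through unchanged
     * @param chain the remaining filter chain
     * @throws IOException if a later element of the chain fails with an I/O error
     * @throws ServletException if the request is not an HTTP request, or if a later element
     *     of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Fail closed with a declared exception instead of an unchecked ClassCastException:
        // a request that cannot be wrapped must not continue down the chain unfiltered.
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("MyFilter only supports HTTP requests");
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        // Choose the wrapper by request method.
        if ("POST".equals(httpRequest.getMethod())) {
            httpRequest = new PostRequestWrapper(httpRequest);
            System.out.println("------filter post------");
        } else {
            // NOTE(review): PUT, PATCH and DELETE also take this branch. Confirm that
            // GetRequestWrapper covers whatever those requests carry (for example a body).
            httpRequest = new GetRequestWrapper(httpRequest);
            System.out.println("-------filter get------");
        }

        // Everything downstream sees only the wrapper, never the raw request.
        chain.doFilter(httpRequest, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
        // Intentionally empty.
    }
}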
get请求参数过滤
package com.li.springboot.filter;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
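/**
* Request wrapper that filters the header and parameter values an application reads from a request.
* MyFilter applies it to every request that is not a POST, not only to GET requests.
* Input-side filtering complements, and does not replace, context-aware output encoding.
* @author 张宗海
*
*/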
public class GetRequestWrapper extends HttpServletRequestWrapper{
public GetRequestWrapper(HttpServletRequest request) {
    // Hand the original request to HttpServletRequestWrapper; the overrides in this class
    // read the raw values through super.* and filter them before returning.
    super(request);
}
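/**
* Returns the named request header, passing a non-empty value through doFilterLabel first.
* A null or empty header is returned unchanged.
*/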
@Override
public String getHeader(String name) {
    final String raw = super.getHeader(name);
    // Nothing to filter when the header is absent or empty; hand it back as-is.
    if (raw == null || raw.isEmpty()) {
        return raw;
    }
    // NOTE(review): this applies to every header name, so values the application parses or
    // compares (for example Cookie or Authorization) are rewritten too; confirm doFilterLabel
    // cannot change them in a way that breaks that logic. getHeaders(name) is a separate
    // accessor; confirm it is covered as well.
    return doFilterLabel(raw); // strip/escape special tags
}
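/**
* Returns the named request parameter, passing a non-empty value through doFilterLabel first.
* A null or empty parameter is returned unchanged.
*/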
@Override
public String getParameter(String name) {
    final String raw = super.getParameter(name);
    final boolean hasContent = raw != null && !raw.isEmpty();
    // NOTE(review): only values read through this accessor are filtered here. Confirm the
    // other ways of reading request data that the application uses (parameter map, query
    // string, request body) are wrapped as well, and keep output encoding at render time.
    return hasContent ? doFilterLabel(raw) : raw;
}
/**
* 重写getParameterValues
*/
@Override
public String[] getParameterValues(String name) {
String[] result = super.getParameterValues(name);
if(result!=null && result.length>0