漏洞扫描,需要解决csrf问题,先贴上代码,使用的是过滤器
package com.jdd.appim.web.filter;
import com.alibaba.fastjson.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
/**
* @author dataochen
* @Description 拦截请求 防止CSRF漏洞
* @date: 2019/9/6 14:26
*/
public class CsrfCheckFilter implements Filter {
private static final Logger LOGGER = LoggerFactory.getLogger(CsrfCheckFilter.class);
public CsrfCheckFilter(List<String> whiteHost) {
this.whiteHost = whiteHost;
}
public CsrfCheckFilter() {
}
/**
* 域名白名单
* 无需校验的
*/
private List<String> whiteHost = new ArrayList<String>();
@