package com.ots.common.xss;
|
import com.ots.common.utils.StringUtils;
|
import javax.servlet.*;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
import java.util.ArrayList;
|
import java.util.List;
|
import java.util.regex.Matcher;
|
import java.util.regex.Pattern;
|
|
public class XssFilter implements Filter {
|
|
public List<String> excludes = new ArrayList<>();
|
|
public boolean enabled = false;
|
@Override
|
public void init(FilterConfig filterConfig) throws ServletException {
|
String tempExcludes = filterConfig.getInitParameter("excludes");
|
String tempEnabled = filterConfig.getInitParameter("enabled");
|
if (StringUtils.isNotEmpty(tempExcludes)) {
|
String[] url = tempExcludes.split(",");
|
for (int i = 0; url != null && i < url.length; i++) {
|
excludes.add(url[i]);
|
}
|
}
|
if (StringUtils.isNotEmpty(tempEnabled)) {
|
enabled = Boolean.valueOf(tempEnabled);
|
}
|
}
|
@Override
|
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
throws IOException, ServletException {
|
HttpServletRequest req = (HttpServletRequest) request;
|
HttpServletResponse resp = (HttpServletResponse) response;
|
if (handleExcludeURL(req, resp)) {
|
chain.doFilter(request, response);
|
return;
|
}
|
XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
|
chain.doFilter(xssRequest, response);
|
}
|
private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response) {
|
if (!enabled) {
|
return true;
|
}
|
if (excludes == null || excludes.isEmpty()) {
|
return false;
|
}
|
String url = request.getServletPath();
|
for (String pattern : excludes) {
|
Pattern p = Pattern.compile("^" + pattern);
|
Matcher m = p.matcher(url);
|
if (m.find()) {
|
return true;
|
}
|
}
|
return false;
|
}
|
@Override
|
public void destroy() {
|
}
|
}
|
