v1.1.6 发布

2018-06-03 19:34:04 +08:00
parent 5bd1e2bd5f
commit 3baaf1929e
25 changed files with 379 additions and 103 deletions
--- a/src/main/java/com/ruoyi/common/xss/XssFilter.java
+++ b/src/main/java/com/ruoyi/common/xss/XssFilter.java
@ -0,0 +1,42 @@
+package com.ruoyi.common.xss;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 防止XSS攻击的过滤器
+ * 
+ * @author ruoyi
+ */
+@WebFilter(filterName = "xssFilter", urlPatterns = "/system/*")
+public class XssFilter implements Filter
+{
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException
+    {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException
+    {
+        XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
+        chain.doFilter(xssRequest, response);
+    }
+
+    @Override
+    public void destroy()
+    {
+
+    }
+
+}
--- a/src/main/java/com/ruoyi/common/xss/XssHttpServletRequestWrapper.java
+++ b/src/main/java/com/ruoyi/common/xss/XssHttpServletRequestWrapper.java
@ -0,0 +1,41 @@
+package com.ruoyi.common.xss;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import org.jsoup.Jsoup;
+import org.jsoup.safety.Whitelist;
+
+/**
+ * XSS过滤处理
+ * 
+ * @author ruoyi
+ */
+public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
+{
+
+    /**
+     * @param request
+     */
+    public XssHttpServletRequestWrapper(HttpServletRequest request)
+    {
+        super(request);
+    }
+
+    @Override
+    public String[] getParameterValues(String name)
+    {
+        String[] values = super.getParameterValues(name);
+        if (values != null)
+        {
+            int length = values.length;
+            String[] escapseValues = new String[length];
+            for (int i = 0; i < length; i++)
+            {
+                // 防xss攻击和过滤前后空格
+                escapseValues[i] = Jsoup.clean(values[i], Whitelist.relaxed()).trim();
+            }
+            return escapseValues;
+        }
+        return super.getParameterValues(name);
+    }
+}
--- a/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
+++ b/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
@ -2,7 +2,6 @@ package com.ruoyi.framework.aspectj;

 import java.lang.reflect.Method;
 import java.util.Map;
-
 import com.ruoyi.common.utils.AddressUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.Signature;
@ -17,7 +16,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.stereotype.Component;
-
 import com.alibaba.fastjson.JSONObject;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.utils.ServletUtils;
--- a/src/main/java/com/ruoyi/framework/config/FilterConfig.java
+++ b/src/main/java/com/ruoyi/framework/config/FilterConfig.java
@ -0,0 +1,28 @@
+package com.ruoyi.framework.config;
+
+import javax.servlet.DispatcherType;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import com.ruoyi.common.xss.XssFilter;
+
+/**
+ * Filter配置
+ *
+ * @author ruoyi
+ */
+@Configuration
+public class FilterConfig
+{
+    @Bean
+    public FilterRegistrationBean xssFilterRegistration()
+    {
+        FilterRegistrationBean registration = new FilterRegistrationBean();
+        registration.setDispatcherTypes(DispatcherType.REQUEST);
+        registration.setFilter(new XssFilter());
+        registration.addUrlPatterns("/*");
+        registration.setName("xssFilter");
+        registration.setOrder(Integer.MAX_VALUE);
+        return registration;
+    }
+}
--- a/src/main/java/com/ruoyi/project/system/role/controller/RoleController.java
+++ b/src/main/java/com/ruoyi/project/system/role/controller/RoleController.java
@ -42,7 +42,7 @@ public class RoleController extends BaseController
    }

    @RequiresPermissions("system:role:list")
-    @GetMapping("/list")
+    @PostMapping("/list")
    @ResponseBody
    public TableDataInfo list(Role role)
    {
--- a/src/main/java/com/ruoyi/project/system/role/domain/Role.java
+++ b/src/main/java/com/ruoyi/project/system/role/domain/Role.java
@ -20,7 +20,7 @@ public class Role extends BaseEntity
    /** 角色排序 */
    private String roleSort;
    /** 角色状态:0正常,1禁用 */
-    private int status;
+    private Integer status;
    /** 用户是否存在此角色标识 默认不存在 */
    private boolean flag = false;
    /** 菜单组 */
@ -66,12 +66,12 @@ public class Role extends BaseEntity
        this.roleSort = roleSort;
    }

-    public int getStatus()
+    public Integer getStatus()
    {
        return status;
    }

-    public void setStatus(int status)
+    public void setStatus(Integer status)
    {
        this.status = status;
    }