xss加入配置文件
This commit is contained in:
RuoYi
@@ -45,7 +45,7 @@ public interface ShiroConstants
|
||||
/**
|
||||
* 验证码开关
|
||||
*/
|
||||
public static final String CURRENT_EBABLED = "captchaEbabled";
|
||||
public static final String CURRENT_ENABLED = "captchaEnabled";
|
||||
|
||||
/**
|
||||
* 验证码开关
|
||||
|
||||
@@ -11,7 +11,6 @@ import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.annotation.WebFilter;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import com.ruoyi.common.utils.StringUtils;
|
||||
@@ -21,7 +20,6 @@ import com.ruoyi.common.utils.StringUtils;
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
@WebFilter(filterName = "xssFilter", urlPatterns = "/system/*")
|
||||
public class XssFilter implements Filter
|
||||
{
|
||||
/**
|
||||
@@ -32,14 +30,14 @@ public class XssFilter implements Filter
|
||||
/**
|
||||
* xss过滤开关
|
||||
*/
|
||||
public boolean xssEbabled = false;
|
||||
public boolean enabled = false;
|
||||
|
||||
@Override
|
||||
public void init(FilterConfig filterConfig) throws ServletException
|
||||
{
|
||||
String tempExcludes = filterConfig.getInitParameter("excludes");
|
||||
String tempXssEbabled = filterConfig.getInitParameter("xssEbabled");
|
||||
if (tempExcludes != null)
|
||||
String tempEnabled = filterConfig.getInitParameter("enabled");
|
||||
if (StringUtils.isNotEmpty(tempExcludes))
|
||||
{
|
||||
String[] url = tempExcludes.split(",");
|
||||
for (int i = 0; url != null && i < url.length; i++)
|
||||
@@ -47,9 +45,9 @@ public class XssFilter implements Filter
|
||||
excludes.add(url[i]);
|
||||
}
|
||||
}
|
||||
if (StringUtils.isNotEmpty(tempXssEbabled))
|
||||
if (StringUtils.isNotEmpty(tempEnabled))
|
||||
{
|
||||
xssEbabled = Boolean.valueOf(tempXssEbabled);
|
||||
enabled = Boolean.valueOf(tempEnabled);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -70,14 +68,14 @@ public class XssFilter implements Filter
|
||||
|
||||
private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response)
|
||||
{
|
||||
if (!enabled)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
if (excludes == null || excludes.isEmpty())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
if (!xssEbabled)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
String url = request.getServletPath();
|
||||
for (String pattern : excludes)
|
||||
{
|
||||
|
||||
@@ -2,10 +2,12 @@ package com.ruoyi.framework.config;
|
||||
|
||||
import java.util.Map;
|
||||
import javax.servlet.DispatcherType;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import com.google.common.collect.Maps;
|
||||
import com.ruoyi.common.utils.StringUtils;
|
||||
import com.ruoyi.common.xss.XssFilter;
|
||||
|
||||
/**
|
||||
@@ -16,6 +18,15 @@ import com.ruoyi.common.xss.XssFilter;
|
||||
@Configuration
|
||||
public class FilterConfig
|
||||
{
|
||||
@Value("${xss.enabled}")
|
||||
private String enabled;
|
||||
|
||||
@Value("${xss.excludes}")
|
||||
private String excludes;
|
||||
|
||||
@Value("${xss.urlPatterns}")
|
||||
private String urlPatterns;
|
||||
|
||||
@SuppressWarnings({ "rawtypes", "unchecked" })
|
||||
@Bean
|
||||
public FilterRegistrationBean xssFilterRegistration()
|
||||
@@ -23,12 +34,12 @@ public class FilterConfig
|
||||
FilterRegistrationBean registration = new FilterRegistrationBean();
|
||||
registration.setDispatcherTypes(DispatcherType.REQUEST);
|
||||
registration.setFilter(new XssFilter());
|
||||
registration.addUrlPatterns("/*");
|
||||
registration.addUrlPatterns(StringUtils.split(urlPatterns, ","));
|
||||
registration.setName("xssFilter");
|
||||
registration.setOrder(Integer.MAX_VALUE);
|
||||
Map<String, String> initParameters = Maps.newHashMap();
|
||||
initParameters.put("excludes", "/system/notice/*,/img/*,/css/*,/fonts/*,/js/*,/ajax/*,/ruoyi/*");
|
||||
initParameters.put("xssEbabled", "false");
|
||||
initParameters.put("excludes", excludes);
|
||||
initParameters.put("enabled", enabled);
|
||||
registration.setInitParameters(initParameters);
|
||||
return registration;
|
||||
}
|
||||
|
||||
@@ -46,8 +46,8 @@ public class ShiroConfig
|
||||
private int validationInterval;
|
||||
|
||||
// 验证码开关
|
||||
@Value("${shiro.user.captchaEbabled}")
|
||||
private boolean captchaEbabled;
|
||||
@Value("${shiro.user.captchaEnabled}")
|
||||
private boolean captchaEnabled;
|
||||
|
||||
// 验证码类型
|
||||
@Value("${shiro.user.captchaType}")
|
||||
@@ -297,7 +297,7 @@ public class ShiroConfig
|
||||
public CaptchaValidateFilter captchaValidateFilter()
|
||||
{
|
||||
CaptchaValidateFilter captchaValidateFilter = new CaptchaValidateFilter();
|
||||
captchaValidateFilter.setCaptchaEbabled(captchaEbabled);
|
||||
captchaValidateFilter.setCaptchaEnabled(captchaEnabled);
|
||||
captchaValidateFilter.setCaptchaType(captchaType);
|
||||
return captchaValidateFilter;
|
||||
}
|
||||
|
||||
@@ -20,16 +20,16 @@ public class CaptchaValidateFilter extends AccessControlFilter
|
||||
/**
|
||||
* 是否开启验证码
|
||||
*/
|
||||
private boolean captchaEbabled = true;
|
||||
private boolean captchaEnabled = true;
|
||||
|
||||
/**
|
||||
* 验证码类型
|
||||
*/
|
||||
private String captchaType = "math";
|
||||
|
||||
public void setCaptchaEbabled(boolean captchaEbabled)
|
||||
public void setCaptchaEnabled(boolean captchaEnabled)
|
||||
{
|
||||
this.captchaEbabled = captchaEbabled;
|
||||
this.captchaEnabled = captchaEnabled;
|
||||
}
|
||||
|
||||
public void setCaptchaType(String captchaType)
|
||||
@@ -40,7 +40,7 @@ public class CaptchaValidateFilter extends AccessControlFilter
|
||||
@Override
|
||||
public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception
|
||||
{
|
||||
request.setAttribute(ShiroConstants.CURRENT_EBABLED, captchaEbabled);
|
||||
request.setAttribute(ShiroConstants.CURRENT_ENABLED, captchaEnabled);
|
||||
request.setAttribute(ShiroConstants.CURRENT_TYPE, captchaType);
|
||||
return super.onPreHandle(request, response, mappedValue);
|
||||
}
|
||||
@@ -51,7 +51,7 @@ public class CaptchaValidateFilter extends AccessControlFilter
|
||||
{
|
||||
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
|
||||
// 验证码禁用 或不是表单提交 允许访问
|
||||
if (captchaEbabled == false || !"post".equals(httpServletRequest.getMethod().toLowerCase()))
|
||||
if (captchaEnabled == false || !"post".equals(httpServletRequest.getMethod().toLowerCase()))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user