lql
/
fj-dc


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485
							package cn.com.goldenwater.dcproj.filter;


import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * @author 81229
 */
@WebFilter(urlPatterns = "/*")
public class XssFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(XssFilter.class);

    private static final Set<String> ALLOWED_PATHS = Collections.unmodifiableSet(new HashSet<>(
            Arrays.asList("/bis/insp/news")));

    FilterConfig filterConfig = null;

    @Value("${intercept.enable}")
    private boolean intercept;
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    @Override
    public void destroy() {
        this.filterConfig = null;
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain chain) throws IOException, ServletException {


        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String path = request.getRequestURI().substring(request.getContextPath().length()).replaceAll("[/]+$", "");
        boolean allowedPath = ALLOWED_PATHS.contains(path);

        if (allowedPath) {
//            logger.debug("这里是不需要处理的url进入的方法");
            chain.doFilter(request, response);
        }
        else {
//            logger.debug("这里是需要处理的url进入的方法");
            chain.doFilter(new XssHttpServletRequestWrapper(request,response),response);
        }

//        if(intercept) {
//            String server = request.getServletPath();
//            server = RequestUtils.cleanScript(server);
//            System.out.println("server-->"+server);
//            logger.info("server-->"+server);
//            if (server.contains("error-333:")||server.contains(".")||server.contains("..")||server.contains("(")||server.contains(" - ")
//                    ||server.contains(")")) {
//                if(!server.contains(".html") && !server.contains("favicon.ico") && !server.contains("upload")) {
//                    try {
//                        ReturnUtils.responseFail(response, "路径存在异常，请仔细检查", 5555);
//                        return;
//                    } catch (Exception e) {
//                        e.printStackTrace();
//                    }
//                }
//            }
//        }

    }
}