package com.jilongda.common.security.filter;
|
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.module.SimpleModule;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Primary;
|
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
|
|
import javax.servlet.*;
|
import javax.servlet.http.HttpServletRequest;
|
import java.io.IOException;
|
|
/**
|
* @author yu 2019/1/20.
|
*/
|
public class XssFilter implements Filter {
|
|
@Override
|
public void init(FilterConfig filterConfig) throws ServletException {
|
|
}
|
|
@Override
|
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
throws IOException, ServletException {
|
HttpServletRequest req = (HttpServletRequest) request;
|
XssAndSqlHttpServletRequestWrapper xssRequestWrapper = new XssAndSqlHttpServletRequestWrapper(req);
|
|
|
chain.doFilter(xssRequestWrapper, response);
|
}
|
|
@Override
|
public void destroy() {
|
|
}
|
|
/**
|
* 过滤json类型的
|
*
|
* @param builder
|
* @return
|
*/
|
@Bean
|
@Primary
|
public ObjectMapper xssObjectMapper(Jackson2ObjectMapperBuilder builder) {
|
//解析器
|
ObjectMapper objectMapper = builder.createXmlMapper(false).build();
|
//注册xss解析器
|
SimpleModule xssModule = new SimpleModule("XssStringJsonSerializer");
|
xssModule.addSerializer(new XssStringJsonSerializer());
|
objectMapper.registerModule(xssModule);
|
//返回
|
return objectMapper;
|
}
|
|
|
}
|
