  • Spring @webFilter注解实现过滤器 省略配置xml

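    /**
     * Servlet filter that inspects the query parameters of GET requests whose servlet path
     * contains {@code /wangwang} and rejects the request when any parameter value contains a
     * fragment commonly used in path-traversal or command-injection payloads.
     *
     * <p>The rejection is a blocklist substring match (see {@link #checkGetMethodParams}), so it
     * is a coarse defense-in-depth measure, not a replacement for canonicalising and validating
     * paths at the point of use.
     *
     * @author Leon
     */
    @WebFilter(filterName = "WebFilter", urlPatterns = "/*")
    class WebsFilter implements Filter {

      /** Body written to the client when a request is rejected. */
      private static final String REJECT_MESSAGE =
          "您所访问的页面请求中有违反安全规则元素存在,拒绝访问!";

      /**
       * Fragments that cause a parameter value to be rejected. All entries are lower-case
       * because the value is lower-cased before matching; some entries are subsumed by
       * others (e.g. {@code ".."} covers {@code "../"}) and are kept for readability.
       */
      private static final String[] BLOCKED_FRAGMENTS = {
          // path traversal, decoded and percent-encoded forms
          "../", "%2e%2e/", "%2e%2e%2f", "..\\", "..%2f", "..",
          // overlong / malformed UTF-8 encodings of '/' and '\'
          "%c1%1c", "%c0%9v", "%c0%af", "..%5c../",
          // script / config file extensions
          ".bat", ".sh", ".cmd", ".ini",
          // batch-file comment / control keywords
          "::", "rem", "echo", "if not exist nul", "goto",
          // backslash, raw and percent-encoded
          "\\", "%5c"
      };

      // NOTE(review): field injection on a container-managed filter; whether Spring populates
      // this depends on how the filter is registered. The field is not read in this class.
      @Autowired
      private ILogsService logsService;

      /**
       * Initialisation hook; receives the filter's configuration. Nothing to set up here.
       *
       * @param config the container-supplied filter configuration
       */
      @Override
      public void init(FilterConfig config) throws ServletException {
        // no state to initialise
      }

      /** Called when the container takes the filter out of service. Nothing to release. */
      @Override
      public void destroy() {
        // no resources held
      }

      /**
       * Rejects GET requests under {@code /wangwang} that carry a blocked parameter value;
       * every other request is passed down the chain unchanged.
       *
       * @param request the incoming request; only {@link HttpServletRequest} instances are inspected
       * @param response the response; on rejection the reject message is written and the chain
       *     is not invoked
       * @param chain the remaining filter chain
       * @throws IOException if writing the rejection body fails
       * @throws ServletException propagated from the chain
       */
      @Override
      public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
          throws ServletException, IOException {
        if (request instanceof HttpServletRequest) {
          HttpServletRequest httpRequest = (HttpServletRequest) request;
          String path = httpRequest.getServletPath();
          boolean isGet = "GET".equalsIgnoreCase(httpRequest.getMethod());
          // getServletPath() may be null for some dispatch types; treat that as "not in scope"
          boolean inScope = path != null && path.indexOf("/wangwang") != -1;
          if (isGet && inScope && hasBlockedParameter(httpRequest)) {
            reject(response);
            return;
          }
        }
        chain.doFilter(request, response);
      }

      /**
       * Checks every value of every parameter (not just the first value of multi-valued
       * parameters) against the blocklist.
       *
       * @param request the request whose parameters are inspected
       * @return {@code true} if at least one value is blocked
       */
      private static boolean hasBlockedParameter(HttpServletRequest request) {
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
          String name = names.nextElement();
          String[] values = request.getParameterValues(name);
          if (values == null) {
            continue;
          }
          for (String value : values) {
            if (checkGetMethodParams(value)) {
              // log the parameter name only; values may carry user data and must not be echoed
              System.out.println("WebsFilter rejected request parameter: " + name);
              return true;
            }
          }
        }
        return false;
      }

      /**
       * Writes the rejection body as UTF-8 JSON-typed text and flushes it.
       *
       * <p>NOTE(review): the status code is left at the container default because
       * {@code HttpServletResponse} is not in scope in this file; a 403 would be more
       * accurate for clients and for monitoring. Confirm the import and set it.
       *
       * @param response the response to write to
       * @throws IOException if the writer cannot be obtained or written
       */
      private static void reject(ServletResponse response) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.write(REJECT_MESSAGE);
        out.flush();
      }

      /**
       * Returns {@code true} when {@code param} contains a fragment from the blocklist.
       *
       * <p>Matching is a case-insensitive substring test, so both {@code %2e} and {@code %2E}
       * style encodings are caught. Several entries are plain words ({@code rem}, {@code echo},
       * {@code goto}, {@code .sh}), so ordinary values such as {@code "remote"} or
       * {@code "a.shtml"} are also rejected; callers should expect false positives.
       *
       * @param param the parameter value to inspect; {@code null} and {@code ""} are treated as safe
       * @return {@code true} if the value should be rejected
       */
      public static boolean checkGetMethodParams(String param) {
        if (param == null || param.isEmpty()) {
          return false;
        }
        // Locale.ROOT keeps the fold independent of the JVM default locale
        String lowered = param.toLowerCase(java.util.Locale.ROOT);
        for (String fragment : BLOCKED_FRAGMENTS) {
          if (lowered.indexOf(fragment) != -1) {
            return true;
          }
        }
        return false;
      }
    }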

     截图自:https://www.cnblogs.com/kelelipeng/p/11382404.html

    往事如烟,余生有我.
  • 原文地址:https://www.cnblogs.com/assistants/p/15718673.html