Class XssHttpServletRequestWrapper

java.lang.Object
javax.servlet.ServletRequestWrapper
javax.servlet.http.HttpServletRequestWrapper
net.mingsoft.basic.filter.XssHttpServletRequestWrapper
All Implemented Interfaces:
javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest

public class XssHttpServletRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper
XSS filter for script data in request parameters.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static cn.hutool.cache.impl.TimedCache<String,Boolean>
    TIMED_REQ_CACHE
     
    static cn.hutool.cache.impl.TimedCache<String,Integer>
    TIMED_XSS_CACHE
     

    Fields inherited from interface javax.servlet.http.HttpServletRequest

    BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
  • Constructor Summary

    Constructors
    Constructor
    Description
    XssHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request)
     
    XssHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, List<String> excludesFiled)
     
  • Method Summary

    Modifier and Type
    Method
    Description
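    String
    getHeader(String name)
    Overrides getHeader to apply XSS filtering to both the parameter name and the parameter value.
    javax.servlet.ServletInputStream
    getInputStream()
     
    static javax.servlet.http.HttpServletRequest
    getOrgRequest(javax.servlet.http.HttpServletRequest req)
    Static method that returns the original request.
    String
    getParameter(String name)
    Overrides getParameter to apply XSS filtering to both the parameter name and the parameter value.
    Map
    getParameterMap()
     
    String[]
    getParameterValues(String name)
     
    javax.servlet.http.HttpServletRequest
    getRequest()
    Returns the original request.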

    Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

    authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, isUserInRole, login, logout, newPushBuilder, upgrade

    Methods inherited from class javax.servlet.ServletRequestWrapper

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterNames, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface javax.servlet.ServletRequest

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterNames, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
  • Field Details

    • TIMED_XSS_CACHE

      public static cn.hutool.cache.impl.TimedCache<String,Integer> TIMED_XSS_CACHE
    • TIMED_REQ_CACHE

      public static cn.hutool.cache.impl.TimedCache<String,Boolean> TIMED_REQ_CACHE
  • Constructor Details

    • XssHttpServletRequestWrapper

      public XssHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request)
    • XssHttpServletRequestWrapper

      public XssHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, List<String> excludesFiled)
  • Method Details

    • getInputStream

      public javax.servlet.ServletInputStream getInputStream() throws IOException
      Specified by:
      getInputStream in interface javax.servlet.ServletRequest
      Overrides:
      getInputStream in class javax.servlet.ServletRequestWrapper
      Throws:
      IOException
    • getParameter

      public String getParameter(String name)
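      Overrides getParameter to apply XSS filtering to both the parameter name and the parameter value.

      To obtain the original value, use super.getParameterValues(name).

      getParameterNames, getParameterValues and getParameterMap may also need to be overridden.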

      Specified by:
      getParameter in interface javax.servlet.ServletRequest
      Overrides:
      getParameter in class javax.servlet.ServletRequestWrapper
    • getParameterMap

      public Map getParameterMap()
      Specified by:
      getParameterMap in interface javax.servlet.ServletRequest
      Overrides:
      getParameterMap in class javax.servlet.ServletRequestWrapper
    • getParameterValues

      public String[] getParameterValues(String name)
      Specified by:
      getParameterValues in interface javax.servlet.ServletRequest
      Overrides:
      getParameterValues in class javax.servlet.ServletRequestWrapper
    • getHeader

      public String getHeader(String name)
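      Overrides getHeader to apply XSS filtering to both the parameter name and the parameter value.

      To obtain the original value, use super.getHeaders(name).

      getHeaderNames may also need to be overridden.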

      Specified by:
      getHeader in interface javax.servlet.http.HttpServletRequest
      Overrides:
      getHeader in class javax.servlet.http.HttpServletRequestWrapper
    • getRequest

      public javax.servlet.http.HttpServletRequest getRequest()
      Returns the original request.
      Overrides:
      getRequest in class javax.servlet.ServletRequestWrapper
      Returns:
    • getOrgRequest

      public static javax.servlet.http.HttpServletRequest getOrgRequest(javax.servlet.http.HttpServletRequest req)
      Static method that returns the original request.
      Returns:
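
Added example, not code from this page or from the MingSoft project: the getParameter note above says getParameterValues and getParameterMap may also need to be overridden, and this hypothetical wrapper filters all three accessors so that none of them hands back the raw value. EscapingRequestWrapper and escape() are assumed names, HTML-escaping of values only stands in for the project's own filter, and the code assumes javax.servlet-api on the classpath and Java 14 or later.

```java
import java.lang.reflect.Proxy;
import java.util.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical wrapper for illustration; not the net.mingsoft implementation.
public class EscapingRequestWrapper extends HttpServletRequestWrapper {
    public EscapingRequestWrapper(HttpServletRequest request) { super(request); }

    // Stand-in filter: HTML-escape the characters that open markup or attributes.
    static String escape(String v) {
        if (v == null) return null;
        return v.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    @Override public String getParameter(String name) {
        return escape(super.getParameter(name));
    }

    @Override public String[] getParameterValues(String name) {
        String[] raw = super.getParameterValues(name);
        if (raw == null) return null;
        return Arrays.stream(raw).map(EscapingRequestWrapper::escape).toArray(String[]::new);
    }

    // Without this override, frameworks that bind from the map see raw values.
    @Override public Map<String, String[]> getParameterMap() {
        Map<String, String[]> out = new LinkedHashMap<>();
        for (String name : super.getParameterMap().keySet()) {
            out.put(name, getParameterValues(name));
        }
        return Collections.unmodifiableMap(out);
    }

    public static void main(String[] args) {
        // Constructed sample request: a stub answering only the parameter accessors.
        Map<String, String[]> params = Map.of("q", new String[] {"<b title=\"x\">hi</b>"});
        HttpServletRequest stub = (HttpServletRequest) Proxy.newProxyInstance(
            HttpServletRequest.class.getClassLoader(), new Class<?>[] {HttpServletRequest.class},
            (proxy, method, a) -> switch (method.getName()) {
                case "getParameter" -> params.get((String) a[0])[0];
                case "getParameterValues" -> params.get((String) a[0]);
                case "getParameterMap" -> params;
                default -> null;
            });
        HttpServletRequest wrapped = new EscapingRequestWrapper(stub);
        System.out.println(String.join("\n", wrapped.getParameter("q"),
            wrapped.getParameterValues("q")[0], wrapped.getParameterMap().get("q")[0]));
    }
}
```

All three printed lines are the same escaped string; removing either of the last two overrides makes the corresponding accessor print the raw markup.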