Package net.mingsoft.basic.filter

Class XssHttpServletRequestWrapper

java.lang.Object

jakarta.servlet.ServletRequestWrapper

jakarta.servlet.http.HttpServletRequestWrapper

net.mingsoft.basic.filter.XssHttpServletRequestWrapper

All Implemented Interfaces:

jakarta.servlet.http.HttpServletRequest, jakarta.servlet.ServletRequest

public class XssHttpServletRequestWrapper
extends jakarta.servlet.http.HttpServletRequestWrapper

XSS 过滤器 用于请求参数的脚本数据

Field Summary

Fields

Modifier and Type	Field	Description
static cn.hutool.cache.impl.TimedCache<String,Boolean>	TIMED_REQ_CACHE
static cn.hutool.cache.impl.TimedCache<String,Integer>	TIMED_XSS_CACHE

Fields inherited from interface jakarta.servlet.http.HttpServletRequest

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors

Constructor	Description
XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request)
XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request, List<String> excludesFiled)

Method Summary

Modifier and Type	Method	Description
String	getHeader(String name)	覆盖getHeader方法，将参数名和参数值都做xss过滤。
jakarta.servlet.ServletInputStream	getInputStream()
static jakarta.servlet.http.HttpServletRequest	getOrgRequest(jakarta.servlet.http.HttpServletRequest req)	获取最原始的request的静态方法
String	getParameter(String name)	覆盖getParameter方法，将参数名和参数值都做xss过滤。
Map	getParameterMap()
String[]	getParameterValues(String name)
jakarta.servlet.http.HttpServletRequest	getRequest()	获取最原始的request

Methods inherited from class jakarta.servlet.http.HttpServletRequestWrapper

authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, isUserInRole, login, logout, newPushBuilder, upgrade

Methods inherited from class jakarta.servlet.ServletRequestWrapper

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterNames, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface jakarta.servlet.ServletRequest

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterNames, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

Field Details

TIMED_XSS_CACHE

public static cn.hutool.cache.impl.TimedCache<String,Integer> TIMED_XSS_CACHE

TIMED_REQ_CACHE

public static cn.hutool.cache.impl.TimedCache<String,Boolean> TIMED_REQ_CACHE

Constructor Details

XssHttpServletRequestWrapper

public XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request)

XssHttpServletRequestWrapper

public XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request,
 List<String> excludesFiled)

Method Details

getInputStream

public jakarta.servlet.ServletInputStream getInputStream()
                                                  throws IOException

Specified by:

getInputStream in interface jakarta.servlet.ServletRequest

Overrides:

getInputStream in class jakarta.servlet.ServletRequestWrapper

Throws:

IOException

getParameter

public String getParameter(String name)

覆盖getParameter方法，将参数名和参数值都做xss过滤。

如果需要获得原始的值，则通过super.getParameterValues(name)来获取

getParameterNames,getParameterValues和getParameterMap也可能需要覆盖

Specified by:

getParameter in interface jakarta.servlet.ServletRequest

Overrides:

getParameter in class jakarta.servlet.ServletRequestWrapper

getParameterMap

public Map getParameterMap()

Specified by:

getParameterMap in interface jakarta.servlet.ServletRequest

Overrides:

getParameterMap in class jakarta.servlet.ServletRequestWrapper

getParameterValues

public String[] getParameterValues(String name)

Specified by:

getParameterValues in interface jakarta.servlet.ServletRequest

Overrides:

getParameterValues in class jakarta.servlet.ServletRequestWrapper

getHeader

public String getHeader(String name)

覆盖getHeader方法，将参数名和参数值都做xss过滤。

如果需要获得原始的值，则通过super.getHeaders(name)来获取

getHeaderNames 也可能需要覆盖

Specified by:

getHeader in interface jakarta.servlet.http.HttpServletRequest

Overrides:

getHeader in class jakarta.servlet.http.HttpServletRequestWrapper

getRequest

public jakarta.servlet.http.HttpServletRequest getRequest()

获取最原始的request

Overrides:

getRequest in class jakarta.servlet.ServletRequestWrapper

Returns:

getOrgRequest

public static jakarta.servlet.http.HttpServletRequest getOrgRequest(jakarta.servlet.http.HttpServletRequest req)

获取最原始的request的静态方法

Returns: