-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* BaseUrlFilter 修改过滤全部路径,保证 BaseUrlFilter 优于UrlCheckFilter 执行 * 清除无用 html * 非法请求过滤器: 修复请求 path 中包含 // 或者以 / 结尾导致其它过滤器失效,对请求进行重定向 * 非法请求过滤器: 替换 getRequestURI() 为 getServletPath() * 非法请求过滤器: 截取 context-path * 非法请求过滤器: 去除 context-path * 非法请求过滤器: 排除首页path "/" * 非法请求过滤器: 请求地址中包含"//"或者以"/"结尾时导致其他过滤器失效,比如 TrustHostFilter
- Loading branch information
Showing
2 changed files
with
64 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
52 changes: 52 additions & 0 deletions
52
server/src/main/java/cn/keking/web/filter/UrlCheckFilter.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
package cn.keking.web.filter; | ||
|
||
import org.apache.commons.lang3.StringUtils; | ||
|
||
import javax.servlet.*; | ||
import javax.servlet.http.HttpServletRequest; | ||
import javax.servlet.http.HttpServletResponse; | ||
import java.io.IOException; | ||
|
||
/** | ||
* @date 2023/11/30 | ||
*/ | ||
public class UrlCheckFilter implements Filter { | ||
|
||
@Override | ||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { | ||
|
||
final HttpServletRequest httpServletRequest = (HttpServletRequest) request; | ||
String servletPath = httpServletRequest.getServletPath(); | ||
|
||
boolean redirect = false; | ||
|
||
// servletPath 中不能包含 // | ||
if (servletPath.contains("//")) { | ||
servletPath = servletPath.replaceAll("//+", "/"); | ||
redirect = true; | ||
} | ||
|
||
// 不能以 / 结尾,同时考虑 **首页** 的特殊性 | ||
if (servletPath.endsWith("/") && servletPath.length() > 1) { | ||
servletPath = servletPath.substring(0, servletPath.length() - 1); | ||
redirect = true; | ||
} | ||
if (redirect) { | ||
String redirectUrl; | ||
if (StringUtils.isBlank(BaseUrlFilter.getBaseUrl())) { | ||
// 正常 BaseUrlFilter 有限此 Filter 执行,不会执行到此 | ||
redirectUrl = httpServletRequest.getContextPath() + servletPath; | ||
} else { | ||
if (BaseUrlFilter.getBaseUrl().endsWith("/") && servletPath.startsWith("/")) { | ||
// BaseUrlFilter.getBaseUrl() 以 / 结尾,servletPath 以 / 开头,需再去除一次 // | ||
redirectUrl = BaseUrlFilter.getBaseUrl() + servletPath.substring(1); | ||
} else { | ||
redirectUrl = BaseUrlFilter.getBaseUrl() + servletPath; | ||
} | ||
} | ||
((HttpServletResponse) response).sendRedirect(redirectUrl + "?" + httpServletRequest.getQueryString()); | ||
} else { | ||
chain.doFilter(request, response); | ||
} | ||
} | ||
} |