| java配置多个过滤器优先级以及几个常用过滤器 | 您所在的位置:网站首页 › filter优先级 › java配置多个过滤器优先级以及几个常用过滤器 |
|
一个项目中不出意外的话会有两个以上的过滤器,但是直接不配置的话他会按照你的过滤器名字排序执行,这样的话可能会导致一些性能上或者逻辑上的问题。那么,控制一下执行顺序是我们所必须要做的。 java封装了一个FilterRegistrationBean对象,可以把他比作一个容器,将过滤器套入这个对象中,可以对这个对象进行优先级设置、过滤规则设置等属性,下面是几个常用的过滤器以及过滤器配置。 过滤器配置: package cn.ask.filter; import javax.servlet.DispatcherType; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.filter.DelegatingFilterProxy; /** * Title: FilterConfig * @date 2018年10月25日 * @version V1.0 * Description: 过滤器配置 */ @SuppressWarnings("all") @Configuration public class FilterConfig { /** * @Description 防xss攻击过滤器 * @date 2018年8月16日下午4:55:44 */ @Bean public FilterRegistrationBean xssFilterRegistration() { FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setDispatcherTypes(DispatcherType.REQUEST); registration.setFilter(new XssFilter()); registration.addUrlPatterns("/*"); registration.setName("xssFilter"); //order数字越小越先执行 registration.setOrder(1); return registration; } /** * @Description 获取登录信息 * @date 2018年10月25日上午9:14:48 */ @Bean public FilterRegistrationBean cookieRegistration() { FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setDispatcherTypes(DispatcherType.REQUEST); registration.setFilter(new CookieFilter()); registration.addUrlPatterns("/*"); registration.setName("firstFilter"); registration.setOrder(2); return registration; } }常用过滤器之一:sso单点登录(使用cookie记录跨站数据) package cn.ask.filter; import java.io.IOException; import java.net.URLDecoder; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; /** * Servlet Filter implementation class FirstFilter */ public class CookieFilter implements Filter { /** * Default constructor. */ public CookieFilter() { // TODO Auto-generated constructor stub } /** * @see Filter#destroy() */ public void destroy() { // TODO Auto-generated method stub } /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; String tokenHeader = req.getHeader("token"); if(StringUtils.isBlank(tokenHeader)) { Cookie[] cookies = req.getCookies(); if (cookies != null && cookies.length > 0) { for (int i = 0; i < cookies.length; i++) { String name = cookies[i].getName(); String value = cookies[i].getValue(); if ("user_accesstoken".equals(name)) { // 用户token req.setAttribute("token", URLDecoder.decode(value, "utf-8")); } if ("user_avatar".equals(name)) { // 头像 req.setAttribute("avatar", URLDecoder.decode(value, "utf-8")); } if ("user_nickname".equals(name)) { // 昵称 req.setAttribute("nickname", URLDecoder.decode(value, "utf-8")); } String token = (String) req.getAttribute("token"); if (StringUtils.isBlank(token)) { req.setAttribute("isLogin", "no"); } else { req.setAttribute("isLogin", "yes"); } } }else { req.removeAttribute("token"); req.removeAttribute("avatar"); req.removeAttribute("nickname"); req.setAttribute("isLogin", "no"); } } else { req.setAttribute("token", tokenHeader); } chain.doFilter(request, response); } /** * @see Filter#init(FilterConfig) */ public void init(FilterConfig fConfig) throws ServletException { // TODO Auto-generated method stub } }常用过滤器之二:xss过滤以及防html注入过滤(包括过滤敏感词) package cn.ask.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; /** * Title: XssFilter * @date 2018年8月16日 * @version V1.0 * Description: xss过滤 */ public class XssFilter implements Filter { @Override public void init(FilterConfig config) throws ServletException { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request); chain.doFilter(xssRequest, response); } @Override public void destroy() { } } package cn.ask.filter; import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.LinkedHashMap; import java.util.Map; import javax.servlet.ReadListener; import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; /** * Title: XssHttpServletRequestWrapper * @date 2018年8月16日 * @version V1.0 * Description: XSS过滤处理 */ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /**没被包装过的HttpServletRequest(特殊场景,需要自己过滤*/ HttpServletRequest orgRequest; /**html过滤*/ private final static HtmlFilter HTMLFILTER = new HtmlFilter(); public XssHttpServletRequestWrapper(HttpServletRequest request) { super(request); orgRequest = request; } @Override public ServletInputStream getInputStream() throws IOException { //非json类型,直接返回 if(!super.getHeader(HttpHeaders.CONTENT_TYPE).equalsIgnoreCase(MediaType.APPLICATION_JSON_VALUE)){ return super.getInputStream(); } //为空,直接返回 String json = IOUtils.toString(super.getInputStream(), "utf-8"); if (StringUtils.isBlank(json)) { return super.getInputStream(); } //xss过滤 json = xssEncode(json); final ByteArrayInputStream bis = new ByteArrayInputStream(json.getBytes()); return new ServletInputStream() { @Override public boolean isFinished() { return true; } @Override public boolean isReady() { return true; } @Override public void setReadListener(ReadListener readListener) { } @Override public int read() throws IOException { return bis.read(); } }; } @Override public String getParameter(String name) { String value = super.getParameter(xssEncode(name)); if (StringUtils.isNotBlank(value)) { value = xssEncode(value); } return value; } @Override public String[] getParameterValues(String name) { String[] parameters = super.getParameterValues(name); if (parameters == null || parameters.length == 0) { return null; } for (int i = 0; i < parameters.length; i++) { parameters[i] = xssEncode(parameters[i]); } return parameters; } @Override public Map getParameterMap() { Map map = new LinkedHashMap(); Map parameters = super.getParameterMap(); for (String key : parameters.keySet()) { String[] values = parameters.get(key); for (int i = 0; i < values.length; i++) { values[i] = xssEncode(values[i]); } map.put(key, values); } return map; } @Override public String getHeader(String name) { String value = super.getHeader(xssEncode(name)); if (StringUtils.isNotBlank(value)) { value = xssEncode(value); } return value; } //富文本内容放行 private String xssEncode(String input) { if(!input.startsWith("")); } m.appendTail(buf); return buf.toString(); } private String balanceHTML(String s) { if (alwaysMakeTags) { // // try and form html // s = regexReplace(P_END_ARROW, "", s); s = regexReplace(P_BODY_TO_END, "", s); s = regexReplace(P_XML_CONTENT, "$1")); } result = regexReplace(P_REMOVE_PAIR_BLANKS.get(tag), "", result); if(!P_REMOVE_SELF_BLANKS.containsKey(tag)){ P_REMOVE_SELF_BLANKS.putIfAbsent(tag, Pattern.compile("]*)?/>")); } result = regexReplace(P_REMOVE_SELF_BLANKS.get(tag), "", result); } return result; } private static String regexReplace(final Pattern regexPattern, final String replacement, final String s) { Matcher m = regexPattern.matcher(s); return m.replaceAll(replacement); } private String processTag(final String s) { // ending tags Matcher m = P_END_TAG.matcher(s); if (m.find()) { final String name = m.group(1).toLowerCase(); if (allowed(name)) { if (!inArray(name, vSelfClosingTags)) { if (vTagCounts.containsKey(name)) { vTagCounts.put(name, vTagCounts.get(name) - 1); return ""; } } } } // starting tags m = P_START_TAG.matcher(s); if (m.find()) { final String name = m.group(1).toLowerCase(); final String body = m.group(2); String ending = m.group(3); //debug( "in a starting tag, name='" + name + "'; body='" + body + "'; ending='" + ending + "'" ); if (allowed(name)) { String params = ""; final Matcher m2 = P_QUOTED_ATTRIBUTES.matcher(body); final Matcher m3 = P_UNQUOTED_ATTRIBUTES.matcher(body); final List paramNames = new ArrayList(); final List paramValues = new ArrayList(); while (m2.find()) { /**([a-z0-9]+)*/ paramNames.add(m2.group(1)); /**(.*?)*/ paramValues.add(m2.group(3)); } while (m3.find()) { /**([a-z0-9]+)*/ paramNames.add(m3.group(1)); /**([^\"\\s']+)*/ paramValues.add(m3.group(3)); } String paramName, paramValue; for (int ii = 0; ii < paramNames.size(); ii++) { paramName = paramNames.get(ii).toLowerCase(); paramValue = paramValues.get(ii); if (allowedAttribute(name, paramName)) { if (inArray(paramName, vProtocolAtts)) { paramValue = processParamProtocol(paramValue); } params += " " + paramName + "=\"" + paramValue + "\""; } } if (inArray(name, vSelfClosingTags)) { ending = " /"; } if (inArray(name, vNeedClosingTags)) { ending = ""; } if (ending == null || ending.length() < 1) { if (vTagCounts.containsKey(name)) { vTagCounts.put(name, vTagCounts.get(name) + 1); } else { vTagCounts.put(name, 1); } } else { ending = " /"; } return ""; } else { return ""; } } // comments m = P_COMMENT.matcher(s); if (!stripComment && m.find()) { return ""; } return ""; } private String processParamProtocol(String s) { s = decodeEntities(s); final Matcher m = P_PROTOCOL.matcher(s); if (m.find()) { final String protocol = m.group(1); if (!inArray(protocol, vAllowedProtocols)) { // bad protocol, turn into local anchor link instead s = "#" + s.substring(protocol.length() + 1, s.length()); if (s.startsWith(SS)) { s = "#" + s.substring(3, s.length()); } } } return s; } private String decodeEntities(String s) { StringBuffer buf = new StringBuffer(); Matcher m = P_ENTITY.matcher(s); while (m.find()) { final String match = m.group(1); final int decimal = Integer.decode(match).intValue(); m.appendReplacement(buf, Matcher.quoteReplacement(chr(decimal))); } m.appendTail(buf); s = buf.toString(); buf = new StringBuffer(); m = P_ENTITY_UNICODE.matcher(s); while (m.find()) { final String match = m.group(1); final int decimal = Integer.valueOf(match, 16).intValue(); m.appendReplacement(buf, Matcher.quoteReplacement(chr(decimal))); } m.appendTail(buf); s = buf.toString(); buf = new StringBuffer(); m = P_ENCODE.matcher(s); while (m.find()) { final String match = m.group(1); final int decimal = Integer.valueOf(match, 16).intValue(); m.appendReplacement(buf, Matcher.quoteReplacement(chr(decimal))); } m.appendTail(buf); s = buf.toString(); s = validateEntities(s); return s; } private String validateEntities(final String s) { StringBuffer buf = new StringBuffer(); // validate entities throughout the string Matcher m = P_VALID_ENTITIES.matcher(s); while (m.find()) { /**([^&;]*)*/ final String one = m.group(1); /**(?=(;|&|$))*/ final String two = m.group(2); m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two))); } m.appendTail(buf); return encodeQuotes(buf.toString()); } private String encodeQuotes(final String s){ if(encodeQuotes){ StringBuffer buf = new StringBuffer(); Matcher m = P_VALID_QUOTES.matcher(s); while (m.find()) { /**(>|^)*/ final String one = m.group(1); /**([^ 0) {// 存在,加入list中 sensitiveWordList.add(txt.substring(i, i + length)); i = i + length - 1;// 减1的原因,是因为for会自增 } } return sensitiveWordList; } /** * @author gaodeqiang * @Description 替换敏感字字符 * @date 2018年12月13日上午9:36:34 */ public String replaceSensitiveWord(String txt, char replaceChar, int matchType) { String resultTxt = txt; // 获取所有的敏感词 Set set = getSensitiveWord(txt, matchType); Iterator iterator = set.iterator(); String word; String replaceString; while (iterator.hasNext()) { word = iterator.next(); replaceString = getReplaceChars(replaceChar, word.length()); resultTxt = resultTxt.replaceAll(word, replaceString); } return resultTxt; } /** * @author gaodeqiang * @Description 获取替换字符串 * @date 2018年12月13日上午9:37:53 */ private String getReplaceChars(char replaceChar, int length) { String resultReplace = String.valueOf(replaceChar); for (int i = 1; i < length; i++) { resultReplace += replaceChar; } return resultReplace; } }
|
| CopyRight 2018-2019 实验室设备网 版权所有 |