Springbootブロッキングを構成し、@RequestBody注記パラメータとpost要求パラメータ、get要求パラメータをブロッキングで取得
1.ブロッキングの構成
package com.jy.gxw.config.interceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import com.jy.common.base.event.IEventService;
import com.jy.common.interceptor.EventInterceptor;
/**
*
*
* @author ShuoYuan
*
*/
@Configuration
public class InterceptorConfigurer extends WebMvcConfigurerAdapter {
@Autowired
private IEventService eventService;
/**
* *
*/
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
registry.addResourceHandler("/templates/**").addResourceLocations("classpath:/templates/");
super.addResourceHandlers(registry);
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
// addPathPatterns
// excludePathPatterns
//
registry.addInterceptor(new SessionInterceptor())
.addPathPatterns("/**")
.excludePathPatterns("/user/login") //
.excludePathPatterns("/api/code/get/pageCode");//
super.addInterceptors(registry);
//
registry.addInterceptor(new EventInterceptor(eventService));
}
}
package com.jy.gxw.config.interceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.jy.gxw.util.JSONUtils;
/**
* Created by 20160216 on 2018/2/8.
*/
public class SessionInterceptor extends HandlerInterceptorAdapter {
private Logger logger = LoggerFactory.getLogger(SessionInterceptor.class);
//
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
System.out.println(" 。。。。。");
try {
RequestWrapper requestWrapper = new RequestWrapper(request);
// @RequestBody post
String body = requestWrapper.getBody();
System.out.println(" body:" + body);
System.out.println("uri=" + request.getRequestURI());
// get
Map ParameterMap = request.getParameterMap();
System.out.println(" :" + ParameterMap.size());
Map reqMap = new HashMap();
Set> entry = ParameterMap.entrySet();
Iterator> it = entry.iterator();
while (it.hasNext()) {
Map.Entry me = it.next();
String key = me.getKey();
String value = me.getValue()[0];
reqMap.put(key, value);
}
String queryString = JSONUtils.JsonToString(JSONUtils.MapToJson(reqMap));
System.out.println(queryString);
//
if (request.getRequestURI().equals("/api/code/get/pageCode")) {
return true;
}
// session
Object obj = request.getSession().getAttribute("_session_user");
if (obj == null) {
response.sendRedirect("/user/login_view");//
return false;
}
return true;
} catch (Exception e) {
logger.error(" ", e);
}
return false;
}
//
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o,
ModelAndView modelAndView) throws Exception {
}
//
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
Object o, Exception e) throws Exception {
}
}
package com.jy.gxw.config.interceptor;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.*;
public class RequestWrapper extends HttpServletRequestWrapper {
private final String body;
public RequestWrapper(HttpServletRequest request) {
super(request);
StringBuilder stringBuilder = new StringBuilder();
BufferedReader bufferedReader = null;
InputStream inputStream = null;
try {
inputStream = request.getInputStream();
if (inputStream != null) {
bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
char[] charBuffer = new char[128];
int bytesRead = -1;
while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
stringBuilder.append(charBuffer, 0, bytesRead);
}
} else {
stringBuilder.append("");
}
} catch (IOException ex) {
} finally {
if (inputStream != null) {
try {
inputStream.close();
}
catch (IOException e) {
e.printStackTrace();
}
}
if (bufferedReader != null) {
try {
bufferedReader.close();
}
catch (IOException e) {
e.printStackTrace();
}
}
}
body = stringBuilder.toString();
}
@Override
public ServletInputStream getInputStream() throws IOException {
final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body.getBytes());
ServletInputStream servletInputStream = new ServletInputStream() {
@Override
public boolean isFinished() {
return false;
}
@Override
public boolean isReady() {
return false;
}
@Override
public void setReadListener(ReadListener readListener) {
}
@Override
public int read() throws IOException {
return byteArrayInputStream.read();
}
};
return servletInputStream;
}
@Override
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader(this.getInputStream()));
}
public String getBody() {
return this.body;
}
}
package com.jy.gxw.util;
import java.util.HashMap;
import java.util.Map;
import com.alibaba.druid.util.StringUtils;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
public class JSONUtils {
/**
* Bean JSON
*
* @param object
* @param dataFormatString
* @return
*/
public static String beanToJson(Object object, String dataFormatString) {
if (object != null) {
if (StringUtils.isEmpty(dataFormatString)) {
return JSONObject.toJSONString(object);
}
return JSON.toJSONStringWithDateFormat(object, dataFormatString);
} else {
return null;
}
}
/**
* Bean JSON
*
* @param object
* @return
*/
public static String beanToJson(Object object) {
if (object != null) {
return JSON.toJSONString(object);
} else {
return null;
}
}
/**
* String JSON
*
* @param key
* @param value
* @return
*/
public static String stringToJsonByFastjson(String key, String value) {
if (StringUtils.isEmpty(key) || StringUtils.isEmpty(value)) {
return null;
}
Map map = new HashMap();
map.put(key, value);
return beanToJson(map, null);
}
/**
* json
*
* @param json
* @param clazz
* @return
*/
public static Object jsonToBean(String json, Object clazz) {
if (StringUtils.isEmpty(json) || clazz == null) {
return null;
}
return JSON.parseObject(json, clazz.getClass());
}
/**
* json map
*
* @param json
* @return
*/
@SuppressWarnings("unchecked")
public static Map jsonToMap(String json) {
if (StringUtils.isEmpty(json)) {
return null;
}
return JSON.parseObject(json, Map.class);
}
public static JSONObject MapToJson(Map m){
JSONObject json = new JSONObject(m);
return json;
}
public static String JsonToString(JSONObject json){
return json.toJSONString();
}
}
package com.jy.gxw.config.filter;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import com.jy.gxw.config.interceptor.RequestWrapper;
/**
*
* ( SQL , XSS )
*
*
*/
public class XssFilter implements Filter {
private static final Logger logger = LogManager.getLogger(XssFilter.class);
/**
* URL
*/
private List excludeUrls = new ArrayList();
/**
* 、 ,
*/
private List noticeUrls = new ArrayList();
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
logger.info("================ ======================");
HttpServletResponse response = (HttpServletResponse) arg1;
ServletRequest req = null;
if(arg0 instanceof HttpServletRequest) {
req = new RequestWrapper((HttpServletRequest) arg0);
// @RequestBody post
String body = ((RequestWrapper) req).getBody();
System.out.println(" body:" + body);
HttpServletRequest req1 = (HttpServletRequest) req;
String pathInfo = req1.getPathInfo() == null ? "" : req1.getPathInfo();
String url = req1.getServletPath() + pathInfo;
String uri = req1.getRequestURI();
boolean isNoticeUrl = false;
// URL 。
for (String str : excludeUrls) {
if (uri.indexOf(str) >= 0) {
logger.info(" URL :" + url);
arg2.doFilter(req, response);
return;
}
}
for (String st : noticeUrls) {
if (uri.indexOf(st) >= 0) {
isNoticeUrl = true;
break;
}
}
List ll=getvalue(body);
// , SQL , XSS
if(ll!=null){
for(String ss:ll) {
// SQL
if (checkSQLInject(ss, url)) {
errorResponse(response, ss);
return;
}
}}
}
if(req == null) {
arg2.doFilter(arg0, response);
} else {
arg2.doFilter(req, response);
}
}
public List getvalue(String str){
int len=str.length();
if(len>5){
List l=new ArrayList();
for(int i=0;i readFile(String fileName) {
List list = new ArrayList();
BufferedReader reader = null;
FileInputStream fis = null;
try {
File f = new File(fileName);
if (f.isFile() && f.exists()) {
fis = new FileInputStream(f);
reader = new BufferedReader(new InputStreamReader(fis, "UTF-8"));
String line;
while ((line = reader.readLine()) != null) {
if (!"".equals(line)) {
list.add(line);
}
}
}
} catch (Exception e) {
logger.error("readFile", e);
} finally {
try {
if (reader != null) {
reader.close();
}
} catch (IOException e) {
logger.error("InputStream ", e);
}
try {
if (fis != null) {
fis.close();
}
} catch (IOException e) {
logger.error("FileInputStream ", e);
}
}
return list;
}
private String xssEncode(String s) {
if (s == null || s.isEmpty()) {
return s;
}
/*s.replaceAll("||", "");
s.replaceAll("|", "");
s.replaceAll(regex, replacement)*/
StringBuilder sb = new StringBuilder(s.length() + 16);
for (int i = 0; i < s.length(); i++) {
char c = s.charAt(i);
switch (c) {
case '>':
sb.append('>');//
break;
case '", "(", ")", ",",
"\\", "svg", "confirm", "prompt", "onload", "onmouseover", "onfocus", "onerror" };
str = str.toLowerCase(); // sql
for (int i = 0; i < inj_stra.length; i++) {
if (str.indexOf(inj_stra[i]) >= 0) {
logger.info("xss url:" + url + ", : , str=" + str + ", :" + inj_stra[i]);
return true;
}
}
return false;
}
}