From 389b83a7be93c8dfaabea345eff583efa91de0a1 Mon Sep 17 00:00:00 2001 From: yinbp Date: Wed, 30 Jan 2019 13:18:55 +0800 Subject: [PATCH] =?UTF-8?q?=E8=B7=A8=E5=9F=9F=E8=AE=BF=E9=97=AEfilter?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=E5=AE=8C=E5=96=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../org/frameworkset/util/ReferHelper.java | 488 ++++++++++-------- 1 file changed, 261 insertions(+), 227 deletions(-) diff --git a/bboss-util/src/org/frameworkset/util/ReferHelper.java b/bboss-util/src/org/frameworkset/util/ReferHelper.java index 1b46f4d3e..d1fadf3d8 100644 --- a/bboss-util/src/org/frameworkset/util/ReferHelper.java +++ b/bboss-util/src/org/frameworkset/util/ReferHelper.java @@ -1,227 +1,261 @@ -package org.frameworkset.util; - -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.frameworkset.util.StringUtil; - -public class ReferHelper { - private static Logger logger = LoggerFactory.getLogger(ReferHelper.class); - private String[] refererwallwhilelist; - private boolean refererDefender = false; - private PathMatcher pathMatcher; - private String[] wallfilterrules; - private String[] wallwhilelist; - public final static String[] wallfilterrules_default = new String[] { - "= 0) { - values[j] = null; - logger.warn("参数" + name + "值" + value + "包含敏感词:" - + wallfilterrules[i] + ",存在安全隐患,系统自动过滤掉参数值!"); - break; - } - } - j++; - - } - } - -} +package org.frameworkset.util; + +import com.frameworkset.util.StringUtil; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +public class ReferHelper { + private static Logger logger = LoggerFactory.getLogger(ReferHelper.class); + private String[] refererwallwhilelist; + public static final String REQUEST_HEADER_REFER_CHECKED = "REQUEST_HEADER_REFER_CHECKED"; + // -------------------------------------------------- CORS Request Headers + /** + * The Origin header indicates where the cross-origin request or preflight + * request originates from. + */ + public static final String REQUEST_HEADER_ORIGIN = "Origin"; + /** + * The Access-Control-Request-Headers header indicates which headers will be + * used in the actual request as part of the preflight request. + */ + public static final String REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS = + "Access-Control-Request-Headers"; + + private boolean refererDefender = false; + private PathMatcher pathMatcher; + private String[] wallfilterrules; + private String[] wallwhilelist; + public final static String[] wallfilterrules_default = new String[] { + "= 0) { + values[j] = null; + logger.warn("参数" + name + "值" + value + "包含敏感词:" + + wallfilterrules[i] + ",存在安全隐患,系统自动过滤掉参数值!"); + break; + } + } + j++; + + } + } + +}