过滤器解决Struts2重定向漏洞
生活随笔
收集整理的這篇文章主要介紹了
过滤器解决Struts2重定向漏洞
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
編寫過濾器控制類
package cn.csservice.cssdj.action.filter;import java.io.IOException;import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;/*** 自定義過濾器:* 解決struts2重定向開放漏洞* @author shenqz**/ public class MyFilter implements Filter{@Overridepublic void init(FilterConfig filterConfig) throws ServletException {}@Overridepublic void doFilter(ServletRequest requ, ServletResponse resp,FilterChain chain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) requ;HttpServletResponse response = (HttpServletResponse) resp;//獲取urlStringBuffer url = request.getRequestURL();//獲取參數String param = request.getQueryString();if(request.getQueryString() != null){String path = null;int index = param.indexOf("redirect");if(index > 0){path = url.append("?"+param.substring(0, index)).toString();int index2 = path.lastIndexOf("&");if(index2 != -1){response.sendRedirect(path.substring(0, path.length()-1));return;}else{response.sendRedirect(path);return;}}else if(index == 0){response.sendRedirect(url.toString());return;}}chain.doFilter(request, response);}@Overridepublic void destroy() {}}在web.xml中配置過濾器
<!-- 解決struts2重定向開放漏洞 --><filter><filter-name>myfilter</filter-name><filter-class>cn.csservice.cssdj.action.filter.MyFilter</filter-class></filter><filter-mapping><filter-name>myfilter</filter-name><url-pattern>*.action</url-pattern></filter-mapping>?
轉載于:https://www.cnblogs.com/shenqz/p/7232455.html
《新程序員》:云原生和全面數字化實踐50位技術專家共同創作,文字、視頻、音頻交互閱讀總結
以上是生活随笔為你收集整理的过滤器解决Struts2重定向漏洞的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Educational Codeforc
- 下一篇: mongodb中批量将时间戳转变通用日期