sample-bootstrap use xss sql filter

05cd5812 · sinat_25235033 · 13a23e8d · 05cd5812
隐藏空白更改
内联并排

Showing with 6 addition and 2 deletion

sample-bootstrap/src/main/java/com/usthe/sureness/sample/bootstrap/SurenessFilterExample.java ...sthe/sureness/sample/bootstrap/SurenessFilterExample.java +6 -2

未找到文件。
--- a/sample-bootstrap/src/main/java/com/usthe/sureness/sample/bootstrap/SurenessFilterExample.java
+++ b/sample-bootstrap/src/main/java/com/usthe/sureness/sample/bootstrap/SurenessFilterExample.java
@@ -3,6 +3,7 @@ package com.usthe.sureness.sample.bootstrap;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.usthe.sureness.mgt.SurenessSecurityManager;
 import com.usthe.sureness.processor.exception.*;
+import com.usthe.sureness.security.XssSqlServletRequestWrapper;
 import com.usthe.sureness.subject.SubjectSum;
 import com.usthe.sureness.util.SurenessContextHolder;
 import org.slf4j.Logger;
@@ -18,6 +19,7 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
@@ -52,8 +54,10 @@ public class SurenessFilterExample implements Filter {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {

+        XssSqlServletRequestWrapper requestWrapper = new XssSqlServletRequestWrapper((HttpServletRequest) servletRequest);
+
        try {
-            SubjectSum subject = SurenessSecurityManager.getInstance().checkIn(servletRequest);
+            SubjectSum subject = SurenessSecurityManager.getInstance().checkIn(requestWrapper);
            // You can consider using SurenessContextHolder to bind subject in threadLocal
            // if bind, please remove it when end
            if (subject != null) {
@@ -93,7 +97,7 @@ public class SurenessFilterExample implements Filter {
        }
        try {
            // if ok, doFilter and add subject in request
-            filterChain.doFilter(servletRequest, servletResponse);
+            filterChain.doFilter(requestWrapper, servletResponse);
        } finally {
            int statusCode = ((HttpServletResponse) servletResponse).getStatus();
            String upgrade = ((HttpServletResponse) servletResponse).getHeader(UPGRADE);