李宇
2021-01-28 2f52e8c752122625f189ae7657e621db0d6d253c
src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java
@@ -86,50 +86,50 @@
                ctx = WebUtils.toHttp(request).getContextPath();
            }
            // 登录url拼接的jsessionId进行放行
            if(uri.startsWith(ctx + this.getLoginUrl() + ";jsessionid=") ||
                    uri.startsWith(ctx + this.getLoginUrl() + "%3bjsessionid=") ||
                    uri.startsWith(ctx + this.getLoginUrl() + "%3Bjsessionid=") ||
                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml;jsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3Bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml;jsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3Bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml;jsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3Bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml;jsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3Bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml;jsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3Bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml;jsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3Bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml;jsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3Bjsessionid=")||
                    uri.startsWith(ctx + "/resources/images/logo1.png;jsessionid=")||
                    uri.startsWith(ctx + "/resources/images/logo1.png%3bjsessionid=")||
                    uri.startsWith(ctx + "/resources/images/logo1.png%3Bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml;jsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3bjsessionid=")||
                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3Bjsessionid=")||
                    uri.startsWith(ctx + "/resources/images/logo.png;jsessionid=")||
                    uri.startsWith(ctx + "/resources/images/logo.png%3bjsessionid=")||
                    uri.startsWith(ctx + "/resources/images/logo.png%3Bjsessionid=")) {
                return false;
            }
//            if(uri.startsWith(ctx + this.getLoginUrl() + ";jsessionid=") ||
//                    uri.startsWith(ctx + this.getLoginUrl() + "%3bjsessionid=") ||
//                    uri.startsWith(ctx + this.getLoginUrl() + "%3Bjsessionid=") ||
//                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml;jsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3bjsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3Bjsessionid=")||
//
//                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml;jsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3bjsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3Bjsessionid=")||
//
//                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml;jsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3bjsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3Bjsessionid=")||
//
//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml;jsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3bjsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3Bjsessionid=")||
//
//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml;jsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3bjsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3Bjsessionid=")||
//
//                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml;jsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3bjsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3Bjsessionid=")||
//
//                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml;jsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3bjsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3Bjsessionid=")||
//
//                    uri.startsWith(ctx + "/resources/images/logo1.png;jsessionid=")||
//                    uri.startsWith(ctx + "/resources/images/logo1.png%3bjsessionid=")||
//                    uri.startsWith(ctx + "/resources/images/logo1.png%3Bjsessionid=")||
//
//                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml;jsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3bjsessionid=")||
//                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3Bjsessionid=")||
//
//                    uri.startsWith(ctx + "/resources/images/logo.png;jsessionid=")||
//                    uri.startsWith(ctx + "/resources/images/logo.png%3bjsessionid=")||
//                    uri.startsWith(ctx + "/resources/images/logo.png%3Bjsessionid=")) {
//                return false;
//            }
            return SEMICOLON.stream().anyMatch(uri::contains);
        }
        return false;
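Review bot: The allowlist at L8-L40 lets a request through on a URI prefix alone, so anything after `;jsessionid=` — extra `;` parameters, `/../` segments, a second encoded delimiter — is never inspected, which switches off the semicolon check this filter exists for on exactly those paths; the rendered page has lost the +/- markers, so it is not certain whether this block or its commented-out twin at L43-L86 is the new side, and the enclosing method starts before this hunk. Whichever side is kept, the commented-out copy should be deleted rather than left in place, with at most a one-line comment such as `// URL-rewritten session ids are deliberately not allowlisted` if the allowlist was dropped. If the allowlist is the retained code, match the whole URI instead of its prefix as sketched below: split at the session-id marker, require the path part to equal the context path plus one allowed resource, and require the remainder to be a bare session id containing none of `;`, `/`, `%` or `\`. Hand-enumerating `;`, `%3b` and `%3B` is also fragile, and whether the encoded forms can reach this code at all depends on whether `uri` (computed before this hunk) is decoded — worth confirming and documenting rather than guessing. The sketch uses `Set.of`; on Java 8 substitute `Collections.unmodifiableSet(new HashSet<>(Arrays.asList(...)))`.

```java
// Paths (relative to the context path) that may carry a URL-rewritten session id.
private static final Set<String> SESSION_ID_RESOURCES = Set.of(
        "/javax.faces.resource/mybootstrap.css.xhtml",
        "/javax.faces.resource/default.css.xhtml",
        "/javax.faces.resource/components.css.xhtml",
        "/javax.faces.resource/jquery/jquery-plugins.js.xhtml",
        "/javax.faces.resource/jquery/jquery.js.xhtml",
        "/javax.faces.resource/core.js.xhtml",
        "/javax.faces.resource/extra.js.xhtml",
        "/javax.faces.resource/components.js.xhtml",
        "/resources/images/logo1.png",
        "/resources/images/logo.png");
private static final Set<String> SESSION_ID_MARKERS =
        Set.of(";jsessionid=", "%3bjsessionid=", "%3Bjsessionid=");

/**
 * Returns true only when {@code uri} is exactly {@code ctx} + an allowed path + a session-id
 * marker + a bare session id. Anything else (extra path, extra ';' parameters, encoded
 * delimiters after the id) stays subject to the normal semicolon check.
 */
private boolean isAllowedSessionIdUrl(String uri, String ctx) {
    for (String marker : SESSION_ID_MARKERS) {
        int at = uri.indexOf(marker);
        if (at < 0) {
            continue;
        }
        String path = uri.substring(0, at);
        String sessionId = uri.substring(at + marker.length());
        // Reject anything that could re-introduce a path or parameter after the id.
        boolean bareId = !sessionId.isEmpty()
                && sessionId.chars().noneMatch(c -> c == ';' || c == '/' || c == '%' || c == '\\');
        boolean allowedPath = path.equals(ctx + getLoginUrl())
                || (path.startsWith(ctx) && SESSION_ID_RESOURCES.contains(path.substring(ctx.length())));
        return bareId && allowedPath;
    }
    return false;
}

// … unchanged: context-path lookup …
            if (isAllowedSessionIdUrl(uri, ctx)) {
                return false;
            }
// … unchanged: SEMICOLON check and final return …
```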