From 2f52e8c752122625f189ae7657e621db0d6d253c Mon Sep 17 00:00:00 2001
From: 李宇 <986321569@qq.com>
Date: 星期四, 28 一月 2021 09:39:19 +0800
Subject: [PATCH] 修改安全测评内容

---
 src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java |   88 ++++++++++++++++++++++----------------------
 1 files changed, 44 insertions(+), 44 deletions(-)

diff --git a/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java b/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java
index 48fcb2e..b697690 100644
--- a/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java
+++ b/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java
@@ -86,50 +86,50 @@
                 ctx = WebUtils.toHttp(request).getContextPath();
             }
             // 登录url拼接的jsessionId进行放行
-            if(uri.startsWith(ctx + this.getLoginUrl() + ";jsessionid=") ||
-                    uri.startsWith(ctx + this.getLoginUrl() + "%3bjsessionid=") ||
-                    uri.startsWith(ctx + this.getLoginUrl() + "%3Bjsessionid=") ||
-                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml;jsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3bjsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3Bjsessionid=")||
-
-                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml;jsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3bjsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3Bjsessionid=")||
-
-                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml;jsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3bjsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3Bjsessionid=")||
-
-                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml;jsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3bjsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3Bjsessionid=")||
-
-                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml;jsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3bjsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3Bjsessionid=")||
-
-                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml;jsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3bjsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3Bjsessionid=")||
-
-                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml;jsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3bjsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3Bjsessionid=")||
-
-                    uri.startsWith(ctx + "/resources/images/logo1.png;jsessionid=")||
-                    uri.startsWith(ctx + "/resources/images/logo1.png%3bjsessionid=")||
-                    uri.startsWith(ctx + "/resources/images/logo1.png%3Bjsessionid=")||
-
-                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml;jsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3bjsessionid=")||
-                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3Bjsessionid=")||
-
-                    uri.startsWith(ctx + "/resources/images/logo.png;jsessionid=")||
-                    uri.startsWith(ctx + "/resources/images/logo.png%3bjsessionid=")||
-                    uri.startsWith(ctx + "/resources/images/logo.png%3Bjsessionid=")) {
-                return false;
-            }
+//            if(uri.startsWith(ctx + this.getLoginUrl() + ";jsessionid=") ||
+//                    uri.startsWith(ctx + this.getLoginUrl() + "%3bjsessionid=") ||
+//                    uri.startsWith(ctx + this.getLoginUrl() + "%3Bjsessionid=") ||
+//                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml;jsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3Bjsessionid=")||
+//
+//                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml;jsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3Bjsessionid=")||
+//
+//                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml;jsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3Bjsessionid=")||
+//
+//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml;jsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3Bjsessionid=")||
+//
+//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml;jsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3Bjsessionid=")||
+//
+//                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml;jsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3Bjsessionid=")||
+//
+//                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml;jsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3Bjsessionid=")||
+//
+//                    uri.startsWith(ctx + "/resources/images/logo1.png;jsessionid=")||
+//                    uri.startsWith(ctx + "/resources/images/logo1.png%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/resources/images/logo1.png%3Bjsessionid=")||
+//
+//                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml;jsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3Bjsessionid=")||
+//
+//                    uri.startsWith(ctx + "/resources/images/logo.png;jsessionid=")||
+//                    uri.startsWith(ctx + "/resources/images/logo.png%3bjsessionid=")||
+//                    uri.startsWith(ctx + "/resources/images/logo.png%3Bjsessionid=")) {
+//                return false;
+//            }
             return SEMICOLON.stream().anyMatch(uri::contains);
         }
         return false;

--
Gitblit v1.9.2