From 2f52e8c752122625f189ae7657e621db0d6d253c Mon Sep 17 00:00:00 2001 From: 李宇 <986321569@qq.com> Date: 星期四, 28 一月 2021 09:39:19 +0800 Subject: [PATCH] 修改安全测评内容 --- src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java | 88 ++++++++++++++++++++++---------------------- 1 files changed, 44 insertions(+), 44 deletions(-) diff --git a/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java b/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java index 48fcb2e..b697690 100644 --- a/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java +++ b/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java @@ -86,50 +86,50 @@ ctx = WebUtils.toHttp(request).getContextPath(); } // 登录url拼接的jsessionId进行放行 - if(uri.startsWith(ctx + this.getLoginUrl() + ";jsessionid=") || - uri.startsWith(ctx + this.getLoginUrl() + "%3bjsessionid=") || - uri.startsWith(ctx + this.getLoginUrl() + "%3Bjsessionid=") || - uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml;jsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3bjsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3Bjsessionid=")|| - - uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml;jsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3bjsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3Bjsessionid=")|| - - uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml;jsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3bjsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3Bjsessionid=")|| - - uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml;jsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3bjsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3Bjsessionid=")|| - - uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml;jsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3bjsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3Bjsessionid=")|| - - uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml;jsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3bjsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3Bjsessionid=")|| - - uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml;jsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3bjsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3Bjsessionid=")|| - - uri.startsWith(ctx + "/resources/images/logo1.png;jsessionid=")|| - uri.startsWith(ctx + "/resources/images/logo1.png%3bjsessionid=")|| - uri.startsWith(ctx + "/resources/images/logo1.png%3Bjsessionid=")|| - - uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml;jsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3bjsessionid=")|| - uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3Bjsessionid=")|| - - uri.startsWith(ctx + "/resources/images/logo.png;jsessionid=")|| - uri.startsWith(ctx + "/resources/images/logo.png%3bjsessionid=")|| - uri.startsWith(ctx + "/resources/images/logo.png%3Bjsessionid=")) { - return false; - } +// if(uri.startsWith(ctx + this.getLoginUrl() + ";jsessionid=") || +// uri.startsWith(ctx + this.getLoginUrl() + "%3bjsessionid=") || +// uri.startsWith(ctx + this.getLoginUrl() + "%3Bjsessionid=") || +// uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml;jsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3bjsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/mybootstrap.css.xhtml%3Bjsessionid=")|| +// +// uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml;jsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3bjsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/default.css.xhtml%3Bjsessionid=")|| +// +// uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml;jsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3bjsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/components.css.xhtml%3Bjsessionid=")|| +// +// uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml;jsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3bjsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery-plugins.js.xhtml%3Bjsessionid=")|| +// +// uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml;jsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3bjsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/jquery/jquery.js.xhtml%3Bjsessionid=")|| +// +// uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml;jsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3bjsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/core.js.xhtml%3Bjsessionid=")|| +// +// uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml;jsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3bjsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/extra.js.xhtml%3Bjsessionid=")|| +// +// uri.startsWith(ctx + "/resources/images/logo1.png;jsessionid=")|| +// uri.startsWith(ctx + "/resources/images/logo1.png%3bjsessionid=")|| +// uri.startsWith(ctx + "/resources/images/logo1.png%3Bjsessionid=")|| +// +// uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml;jsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3bjsessionid=")|| +// uri.startsWith(ctx + "/javax.faces.resource/components.js.xhtml%3Bjsessionid=")|| +// +// uri.startsWith(ctx + "/resources/images/logo.png;jsessionid=")|| +// uri.startsWith(ctx + "/resources/images/logo.png%3bjsessionid=")|| +// uri.startsWith(ctx + "/resources/images/logo.png%3Bjsessionid=")) { +// return false; +// } return SEMICOLON.stream().anyMatch(uri::contains); } return false; -- Gitblit v1.9.2