package cn.twelvet.xss.core;
import cn.hutool.core.util.ArrayUtil;
import cn.twelvet.xss.annotation.XssCleanIgnore;
import cn.twelvet.xss.config.XssProperties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
/**
 * Spring MVC interceptor that switches XSS cleaning on or off for the current request.
 *
 * <p>
 * Before a controller method runs, the decision is recorded in {@link XssHolder};
 * the holder is cleared again once the request completes or is handed off to
 * asynchronous processing.
 *
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>Handlers that are not {@link HandlerMethod} instances pass through without
 * cleaning being enabled by this interceptor.</li>
 * <li>{@link XssCleanIgnore} is looked up on the handler method only; an annotation
 * placed on the controller class is not consulted here, so such handlers still get
 * cleaning enabled.</li>
 * <li>A handler annotated with an empty {@code @XssCleanIgnore} leaves the holder
 * untouched. NOTE(review): this relies on the holder being clean when the request
 * starts; confirm that {@code XssHolder} defaults to "disabled" and that
 * {@code remove()} clears both the flag and the stored annotation.</li>
 * </ul>
 *
 * @author twelvet
 */
public class XssCleanInterceptor implements AsyncHandlerInterceptor {

    private final XssProperties xssProperties;

    /**
     * Creates the interceptor.
     *
     * @param xssProperties configuration consulted on every request to see whether
     * XSS handling is enabled
     */
    public XssCleanInterceptor(XssProperties xssProperties) {
        this.xssProperties = xssProperties;
    }

    /**
     * Records the XSS policy for the handler that is about to run.
     *
     * @return always {@code true}; this interceptor never blocks a request
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Nothing to decide for non-controller handlers, or when the feature is switched off.
        boolean controllerRequest = handler instanceof HandlerMethod;
        if (!controllerRequest || !xssProperties.isEnabled()) {
            return true;
        }

        // Only the handler method itself is inspected for the opt-out annotation.
        XssCleanIgnore ignoreRule = AnnotationUtils.getAnnotation(((HandlerMethod) handler).getMethod(),
                XssCleanIgnore.class);

        // Annotation present with no values: the holder is left untouched for this handler.
        boolean fullyExempt = ignoreRule != null && !ArrayUtil.isNotEmpty(ignoreRule.value());
        if (fullyExempt) {
            return true;
        }

        XssHolder.setEnable();
        if (ignoreRule != null) {
            // Annotation lists specific values: cleaning stays on and the annotation is
            // stored alongside (presumably the names to skip; verify against XssHolder's readers).
            XssHolder.setXssCleanIgnore(ignoreRule);
        }
        return true;
    }

    /**
     * Clears the per-request XSS state once request processing has finished, whether or
     * not the handler threw.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        XssHolder.remove();
    }

    /**
     * Clears the per-request XSS state when the handler continues asynchronously; Spring
     * invokes this callback in place of {@code afterCompletion} for the initial dispatch.
     */
    @Override
    public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        XssHolder.remove();
    }

}