feat(security/xss): 新增 XSS 过滤模块(原 web 模块内组件)
@@ -0,0 +1,22 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<groupId>top.continew</groupId>
|
||||
<artifactId>continew-starter-security</artifactId>
|
||||
<version>${revision}</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>continew-starter-security-xss</artifactId>
|
||||
<description>ContiNew Starter 安全模块 - XSS 过滤模块</description>
|
||||
|
||||
<dependencies>
|
||||
<!-- Web 模块 -->
|
||||
<dependency>
|
||||
<groupId>top.continew</groupId>
|
||||
<artifactId>continew-starter-web</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
@@ -14,8 +14,11 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package top.continew.starter.web.autoconfigure.xss;
|
||||
package top.continew.starter.security.xss.autoconfigure;
|
||||
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.boot.autoconfigure.AutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||
@@ -23,6 +26,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import top.continew.starter.core.constant.PropertiesConstants;
|
||||
import top.continew.starter.security.xss.filter.XssFilter;
|
||||
|
||||
/**
|
||||
* XSS 过滤自动配置
|
||||
@@ -33,9 +37,11 @@ import top.continew.starter.core.constant.PropertiesConstants;
|
||||
@AutoConfiguration
|
||||
@ConditionalOnWebApplication
|
||||
@EnableConfigurationProperties(XssProperties.class)
|
||||
@ConditionalOnProperty(prefix = PropertiesConstants.WEB_XSS, name = PropertiesConstants.ENABLED, havingValue = "true")
|
||||
@ConditionalOnProperty(prefix = PropertiesConstants.SECURITY_XSS, name = PropertiesConstants.ENABLED, havingValue = "true")
|
||||
public class XssAutoConfiguration {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(XssAutoConfiguration.class);
|
||||
|
||||
/**
|
||||
* XSS 过滤器配置
|
||||
*/
|
||||
@@ -45,4 +51,9 @@ public class XssAutoConfiguration {
|
||||
registrationBean.setFilter(new XssFilter(xssProperties));
|
||||
return registrationBean;
|
||||
}
|
||||
|
||||
@PostConstruct
|
||||
public void postConstruct() {
|
||||
log.debug("[ContiNew Starter] - Auto Configuration 'Security-XSS' completed initialization.");
|
||||
}
|
||||
}
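Review bot: Switching the `@ConditionalOnProperty` prefix on `XssAutoConfiguration` to `PropertiesConstants.SECURITY_XSS` makes the filter fail open on upgrade. With `havingValue = "true"` and no `matchIfMissing`, an application that still sets only the old `WEB_XSS` enabled key skips this auto-configuration, so no `XssFilter` is registered and nothing is reported. The same prefix change is made on `@ConfigurationProperties` in `XssProperties`, so list settings under the old key would also stop binding. The only startup signal is the new `log.debug` line in `postConstruct()`, which is absent at default log levels either way. I would state the key rename and the new `continew-starter-security-xss` artifact as a breaking change in the class Javadoc and release notes, and consider a warn-level startup message when the old enabled key is present without the new one. The constant values are defined outside this page, so this assumes the two prefixes differ.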
|
@@ -14,11 +14,11 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package top.continew.starter.web.autoconfigure.xss;
|
||||
package top.continew.starter.security.xss.autoconfigure;
|
||||
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import top.continew.starter.core.constant.PropertiesConstants;
|
||||
import top.continew.starter.web.enums.XssMode;
|
||||
import top.continew.starter.security.xss.enums.XssMode;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -29,7 +29,7 @@ import java.util.List;
|
||||
* @author whhya
|
||||
* @since 2.0.0
|
||||
*/
|
||||
@ConfigurationProperties(PropertiesConstants.WEB_XSS)
|
||||
@ConfigurationProperties(PropertiesConstants.SECURITY_XSS)
|
||||
public class XssProperties {
|
||||
|
||||
/**
|
@@ -14,7 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package top.continew.starter.web.enums;
|
||||
package top.continew.starter.security.xss.enums;
|
||||
|
||||
/**
|
||||
* XSS 模式枚举
|
@@ -14,13 +14,14 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package top.continew.starter.web.autoconfigure.xss;
|
||||
package top.continew.starter.security.xss.filter;
|
||||
|
||||
import cn.hutool.core.collection.CollUtil;
|
||||
import jakarta.servlet.*;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import top.continew.starter.security.xss.autoconfigure.XssProperties;
|
||||
import top.continew.starter.web.util.SpringWebUtils;
|
||||
|
||||
import java.io.IOException;
|
@@ -14,7 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package top.continew.starter.web.autoconfigure.xss;
|
||||
package top.continew.starter.security.xss.filter;
|
||||
|
||||
import cn.hutool.core.collection.CollUtil;
|
||||
import cn.hutool.core.io.IoUtil;
|
||||
@@ -29,7 +29,8 @@ import jakarta.servlet.ServletInputStream;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletRequestWrapper;
|
||||
import top.continew.starter.core.constant.StringConstants;
|
||||
import top.continew.starter.web.enums.XssMode;
|
||||
import top.continew.starter.security.xss.autoconfigure.XssProperties;
|
||||
import top.continew.starter.security.xss.enums.XssMode;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.ByteArrayInputStream;
|
@@ -0,0 +1 @@
|
||||
top.continew.starter.security.xss.autoconfigure.XssAutoConfiguration
|
@@ -18,6 +18,7 @@
|
||||
<module>continew-starter-security-mask</module>
|
||||
<module>continew-starter-security-crypto</module>
|
||||
<module>continew-starter-security-sensitivewords</module>
|
||||
<module>continew-starter-security-xss</module>
|
||||
</modules>
|
||||
|
||||
<dependencies>
|
||||
|