过滤器解决Struts2重定向漏洞

编写过滤器控制类

package cn.csservice.cssdj.action.filter;import java.io.IOException;import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;/*** 自定义过滤器:* 解决struts2重定向开放漏洞* @author shenqz**/ public class MyFilter implements Filter{@Overridepublic void init(FilterConfig filterConfig) throws ServletException {}@Overridepublic void doFilter(ServletRequest requ, ServletResponse resp,FilterChain chain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) requ;HttpServletResponse response = (HttpServletResponse) resp;//获取urlStringBuffer url = request.getRequestURL();//获取参数String param = request.getQueryString();if(request.getQueryString() != null){String path = null;int index = param.indexOf("redirect");if(index > 0){path = url.append("?"+param.substring(0, index)).toString();int index2 = path.lastIndexOf("&");if(index2 != -1){response.sendRedirect(path.substring(0, path.length()-1));return;}else{response.sendRedirect(path);return;}}else if(index == 0){response.sendRedirect(url.toString());return;}}chain.doFilter(request, response);}@Overridepublic void destroy() {}}

在web.xml中配置过滤器

<!-- 解决struts2重定向开放漏洞 --><filter><filter-name>myfilter</filter-name><filter-class>cn.csservice.cssdj.action.filter.MyFilter</filter-class></filter><filter-mapping><filter-name>myfilter</filter-name><url-pattern>*.action</url-pattern></filter-mapping>

 

转载于:https://www.cnblogs.com/shenqz/p/7232455.html

《新程序员》：云原生和全面数字化实践50位技术专家共同创作，文字、视频、音频交互阅读

总结

以上是生活随笔为你收集整理的过滤器解决Struts2重定向漏洞的全部内容，希望文章能够帮你解决所遇到的问题。

如果觉得生活随笔网站内容还不错，欢迎将生活随笔推荐给好友。