Struts2: an interceptor fails to modify the request parameters
To deal with XSS (cross-site scripting) in Struts2, I planned to use Struts2's own interceptor mechanism to filter every parameter passed in through the request.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN"
    "http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>
    <!-- A few constants; optional -->
    <constant name="struts.i18n.encoding" value="UTF-8" />
    <!-- constant name="struts.devMode" value="true"/ -->
    <constant name="struts.enable.DynamicMethodInvocation" value="false" />
    <constant name="struts.objectFactory.spring.autoWire" value="auto"></constant>
    <constant name="struts.multipart.saveDir" value="/tmp" />

    <package name="default" namespace="/" extends="struts-default, json-default">
        <!-- Interceptor configuration -->
        <interceptors>
            <!-- Define the XSS interceptor; class is the fully qualified name of the interceptor class -->
            <interceptor name="xssInterceptor" class="xx.xx.xx"></interceptor>
            <!-- Define an interceptor stack that includes the XSS interceptor -->
            <interceptor-stack name="myDefault">
                <interceptor-ref name="xssInterceptor"></interceptor-ref>
                <interceptor-ref name="defaultStack"></interceptor-ref>
            </interceptor-stack>
        </interceptors>
        <!-- This must be configured, otherwise the interceptor does not take effect -->
        <default-interceptor-ref name="myDefault"></default-interceptor-ref>
    </package>
</struts>
```
At first the interceptor stack I had configured looked like this:
```xml
<interceptor-stack name="myDefault">
    <interceptor-ref name="defaultStack"></interceptor-ref>
    <interceptor-ref name="xssInterceptor"></interceptor-ref>
</interceptor-stack>
```
With that order the filtering class was executed, but the values injected into the action were not changed. Simply swapping the order fixed it.

The reason is the execution order within the stack: `defaultStack` contains the `params` interceptor, which copies the request parameters onto the action's properties. If `xssInterceptor` runs after `defaultStack`, the raw values have already been bound to the action by the time it touches the parameter map, so nothing the action sees changes. Placed before `defaultStack`, `xssInterceptor` sanitizes the parameters first and `params` then binds the sanitized values. Two further points for anyone doing this: the interceptor has to modify the parameter map held in the `ActionContext` (the map `params` reads), because the Servlet specification defines `HttpServletRequest.getParameterMap()` as immutable; and input filtering of this kind is a stopgap, not a complete XSS defense, which still rests on encoding output for the context it is rendered in (Struts' `<s:property>` tag HTML-escapes by default).
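The page does not show the interceptor class that `xssInterceptor` points to. The following is an added example written for this page, not the author's code: an interceptor for the Struts 2.3 API that HTML-escapes every request parameter in the `ActionContext` before the `params` interceptor binds them. The package name, class name and the minimal escaping routine are assumptions; the Struts/XWork classes and methods used (`AbstractInterceptor`, `ActionInvocation.getInvocationContext()`, `ActionContext.getParameters()`/`setParameters()`) are the real 2.3-era API. It only works if it is listed before `defaultStack`, as the corrected configuration above does.

```java
package com.example.web.interceptor; // hypothetical package, not from the original post

import java.util.HashMap;
import java.util.Map;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Added example: escapes HTML metacharacters in every request parameter
 * before the "params" interceptor copies them onto the action.
 *
 * Must be referenced BEFORE defaultStack in the interceptor stack; otherwise
 * params has already bound the raw values and this does nothing visible.
 * Written against Struts 2.3, where the ActionContext parameter map is a
 * Map<String, Object> whose values are String[] (Struts 2.5 replaced it
 * with the immutable HttpParameters type, which needs a different approach).
 */
public class XssInterceptor extends AbstractInterceptor {

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // This is the map the params interceptor reads. Do not try to edit
        // request.getParameterMap(): the Servlet spec makes it immutable.
        Map<String, Object> params = invocation.getInvocationContext().getParameters();
        Map<String, Object> cleaned = new HashMap<String, Object>(params.size());

        for (Map.Entry<String, Object> entry : params.entrySet()) {
            cleaned.put(entry.getKey(), sanitize(entry.getValue()));
        }

        // Replace the map so the params interceptor binds the escaped values.
        invocation.getInvocationContext().setParameters(cleaned);
        return invocation.invoke();
    }

    /** Parameter values arrive as String[] (multi-valued) or occasionally as a plain String. */
    static Object sanitize(Object value) {
        if (value instanceof String[]) {
            String[] raw = (String[]) value;
            String[] out = new String[raw.length];
            for (int i = 0; i < raw.length; i++) {
                out[i] = escapeHtml(raw[i]);
            }
            return out;
        }
        if (value instanceof String) {
            return escapeHtml((String) value);
        }
        return value; // leave non-string values (e.g. file uploads) untouched
    }

    /**
     * Minimal HTML entity escaping (an assumption of this example; a library
     * escaper such as commons-lang's escapeHtml4 would do as well). Covers the
     * characters that break out of HTML text and quoted attribute contexts.
     */
    static String escapeHtml(String s) {
        if (s == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

Register the class under the `xssInterceptor` name in `struts.xml` as in the configuration above. Note that escaping on input stores already-escaped text, so a view that also escapes on output (the `<s:property>` default) will double-encode it; decide once where encoding happens, and treat output encoding as the primary control.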
Overriding a parameter of a specific interceptor (Struts2)
The `param` name follows the pattern `<interceptor name>.<property>`: `prepare` is the name of the `PrepareInterceptor` inside `paramsPrepareParamsStack`, so `prepare.alwaysInvokePrepare` sets that interceptor's `alwaysInvokePrepare` property for this stack only.
```xml
<!-- Set prepareInterceptor's alwaysInvokePrepare property to false -->
<interceptors>
    <!-- "atzhu" is the name of the custom interceptor stack -->
    <interceptor-stack name="atzhu">
        <interceptor-ref name="paramsPrepareParamsStack">
            <param name="prepare.alwaysInvokePrepare">false</param>
        </interceptor-ref>
    </interceptor-stack>
</interceptors>
<default-interceptor-ref name="atzhu" />
```
The above is my personal experience; I hope it serves as a reference, and I hope everyone keeps supporting 服务器之家.
Original article: https://blog.csdn.net/huplion/article/details/49000309