Notices
通知公告
@@ -79,6 +79,10 @@ public class ApplicationConfig {
|
||||
@Value("${maxkey.maxkey.uri}")
|
||||
private String maxKeyUri;
|
||||
|
||||
@Value("${maxkey.notices.visible:false}")
|
||||
private boolean noticesVisible;
|
||||
|
||||
|
||||
public int getPort() {
|
||||
return port;
|
||||
}
|
||||
@@ -206,6 +210,14 @@ public class ApplicationConfig {
|
||||
this.sessionTimeout = sessionTimeout;
|
||||
}
|
||||
|
||||
public boolean isNoticesVisible() {
|
||||
return noticesVisible;
|
||||
}
|
||||
|
||||
public void setNoticesVisible(boolean noticesVisible) {
|
||||
this.noticesVisible = noticesVisible;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder builder = new StringBuilder();
|
||||
|
||||
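--- a/maxkey-core/src/main/java/org/maxkey/domain/Notices.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Notices.java
@@ -0,0 +1,153 @@
+package org.maxkey.domain;
+
+import java.io.Serializable;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
+
+@Entity
+@Table(name = "MXK_NOTICES")
+public class Notices extends JpaBaseDomain implements Serializable {
+
+/**
+*
+*/
+private static final long serialVersionUID = -652272084068874816L;
+
+@Id
+@Column
+@GeneratedValue(strategy = GenerationType.AUTO, generator = "uuid")
+protected String id;
+/**
+*
+*/
+@Column
+private String title;
+
+@Column
+private String content;
+
+@Column
+private int status;
+
+@Column
+protected String createdBy;
+@Column
+protected String createdDate;
+@Column
+protected String modifiedBy;
+@Column
+protected String modifiedDate;
+@Column
+protected String description;
+
+
+public Notices() {
+
+}
+
+public String getId() {
+return id;
+}
+
+public void setId(String id) {
+this.id = id;
+}
+
+public String getTitle() {
+return title;
+}
+
+public void setTitle(String title) {
+this.title = title;
+}
+
+public String getContent() {
+return content;
+}
+
+public void setContent(String content) {
+this.content = content;
+}
+
+public int getStatus() {
+return status;
+}
+
+public void setStatus(int status) {
+this.status = status;
+}
+
+public String getCreatedBy() {
+return createdBy;
+}
+
+public void setCreatedBy(String createdBy) {
+this.createdBy = createdBy;
+}
+
+public String getCreatedDate() {
+return createdDate;
+}
+
+public void setCreatedDate(String createdDate) {
+this.createdDate = createdDate;
+}
+
+public String getModifiedBy() {
+return modifiedBy;
+}
+
+public void setModifiedBy(String modifiedBy) {
+this.modifiedBy = modifiedBy;
+}
+
+public String getModifiedDate() {
+return modifiedDate;
+}
+
+public void setModifiedDate(String modifiedDate) {
+this.modifiedDate = modifiedDate;
+}
+
+public String getDescription() {
+return description;
+}
+
+public void setDescription(String description) {
+this.description = description;
+}
+
+@Override
+public String toString() {
+StringBuilder builder = new StringBuilder();
+builder.append("Notices [id=");
+builder.append(id);
+builder.append(", title=");
+builder.append(title);
+builder.append(", content=");
+builder.append(content);
+builder.append(", status=");
+builder.append(status);
+builder.append(", createdBy=");
+builder.append(createdBy);
+builder.append(", createdDate=");
+builder.append(createdDate);
+builder.append(", modifiedBy=");
+builder.append(modifiedBy);
+builder.append(", modifiedDate=");
+builder.append(modifiedDate);
+builder.append(", description=");
+builder.append(description);
+builder.append("]");
+return builder.toString();
+}
+
+
+}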
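Review bot: The `content` field is documented by an empty Javadoc stub while, in the same commit, `WebXssRequestFilter` stops screening the parameters sent to `/notices/add` and `/notices/update`, which makes this entity the storage sink for whatever markup those requests carry; nothing in this file says so, and the next maintainer will read `content` as ordinary text. I would replace the empty `/** * */` blocks with a class Javadoc stating the purpose of the entity and a field comment such as `/** Notice body; requests that set it bypass WebXssRequestFilter, so it may contain raw HTML and must be sanitized or escaped wherever it is rendered. */`. The same note belongs on `title` if it is meant to carry markup too, otherwise the class comment should say that only `content` is exempt. As a point of style, `createdDate` and `modifiedDate` are `String` columns and `status` is a bare `int` with no named values, so a one-line comment on each giving the expected format and the meaning of the status codes would help, since the code here does not show them.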
@@ -2,11 +2,13 @@ package org.maxkey.web;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Enumeration;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.apache.commons.text.StringEscapeUtils;
|
||||
import org.slf4j.Logger;
|
||||
@@ -17,26 +19,44 @@ public class WebXssRequestFilter extends GenericFilterBean {
|
||||
|
||||
final static Logger _logger = LoggerFactory.getLogger(GenericFilterBean.class);
|
||||
|
||||
final static ConcurrentHashMap <String,String> skipUrlMap = new ConcurrentHashMap <String,String>();
|
||||
|
||||
static {
|
||||
skipUrlMap.put("/notices/add", "");
|
||||
skipUrlMap.put("/notices/update", "");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||
public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
_logger.trace("WebXssRequestFilter");
|
||||
|
||||
boolean isWebXss = false;
|
||||
Enumeration<String> parameterNames = request.getParameterNames();
|
||||
while (parameterNames.hasMoreElements()) {
|
||||
String key = (String) parameterNames.nextElement();
|
||||
String value = request.getParameter(key);
|
||||
_logger.trace("parameter name "+key +" , value " + value);
|
||||
String tempValue = value;
|
||||
if(!StringEscapeUtils.escapeHtml4(tempValue).equals(value)
|
||||
||tempValue.toLowerCase().indexOf("script")>-1
|
||||
||tempValue.toLowerCase().replace(" ", "").indexOf("eval(")>-1) {
|
||||
isWebXss = true;
|
||||
_logger.error("parameter name "+key +" , value " + value
|
||||
+ ", contains dangerous content ! ");
|
||||
break;
|
||||
}
|
||||
}
|
||||
HttpServletRequest request= ((HttpServletRequest)servletRequest);
|
||||
String requestURI=request.getRequestURI();
|
||||
_logger.trace("getContextPath " +request.getContextPath());
|
||||
_logger.trace("getRequestURL " + ((HttpServletRequest)request).getRequestURI());
|
||||
_logger.trace("URL " +requestURI.substring(request.getContextPath().length()));
|
||||
|
||||
if(skipUrlMap.containsKey(requestURI.substring(request.getContextPath().length()))) {
|
||||
isWebXss = false;
|
||||
}else {
|
||||
Enumeration<String> parameterNames = request.getParameterNames();
|
||||
while (parameterNames.hasMoreElements()) {
|
||||
String key = (String) parameterNames.nextElement();
|
||||
String value = request.getParameter(key);
|
||||
_logger.trace("parameter name "+key +" , value " + value);
|
||||
String tempValue = value;
|
||||
if(!StringEscapeUtils.escapeHtml4(tempValue).equals(value)
|
||||
||tempValue.toLowerCase().indexOf("script")>-1
|
||||
||tempValue.toLowerCase().replace(" ", "").indexOf("eval(")>-1) {
|
||||
isWebXss = true;
|
||||
_logger.error("parameter name "+key +" , value " + value
|
||||
+ ", contains dangerous content ! ");
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if(!isWebXss) {
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
|
||||
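Review bot: The new `skipUrlMap` branch turns the XSS screen off for every parameter of `/notices/add` and `/notices/update`, not just the rich-text body — `title`, `description`, `status` and `id` on those two endpoints now reach the controller unchecked, although presumably only `content` needs to carry HTML. A narrower exemption keys the map value on the exempt parameter name (in place of the current `""`) and still runs the existing check on the rest, as in the excerpt below. The exempt body is then stored verbatim, so the protection the filter used to provide has to happen at storage or render time (an HTML allow-list sanitizer, or escaping with the already imported `StringEscapeUtils.escapeHtml4` where the notice is displayed); nothing in this hunk does that, and the commit should say where it happens. Independently, a request the filter rejects still returns without any status being set (`if(!isWebXss)` merely skips the chain), which predates this change but means a blocked notice request ends as an empty 200 — an explicit `sendError(SC_BAD_REQUEST)` on the cast `HttpServletResponse` would be clearer. doFilter's closing brace lies past the end of the hunk.
```java
// path -> the one parameter allowed to carry markup on that path; every other parameter is still screened
final static ConcurrentHashMap <String,String> skipUrlMap = new ConcurrentHashMap <String,String>();

static {
    skipUrlMap.put("/notices/add", "content");
    skipUrlMap.put("/notices/update", "content");
}
// … unchanged: @Override, doFilter signature, request / requestURI / trace lines …
String path = requestURI.substring(request.getContextPath().length());
String exemptParameter = skipUrlMap.get(path); // null when the path has no exemption
Enumeration<String> parameterNames = request.getParameterNames();
while (parameterNames.hasMoreElements()) {
    String key = (String) parameterNames.nextElement();
    if (exemptParameter != null && exemptParameter.equals(key)) {
        continue; // rich-text body: must be sanitized before storage or escaped at render time
    }
    String value = request.getParameter(key);
    // … unchanged: escapeHtml4 / "script" / "eval(" check, error log, break …
}
// … unchanged: if(!isWebXss) chain.doFilter(request, response) …
```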