How to make the browser redirect an AngularJS page from a Java Spring filter
I created a SQL injection filter in a Spring Boot application that intercepts every request and validates the input for possible SQL injection. If the input is invalid, I want to redirect the user back to the login page. With my code I can see the internal call being made in DevTools, but the browser is not redirected to the specified page.
Filter
import java.io.IOException;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Compiled once rather than per parameter. Two fixes to the pattern as posted:
// "TABLE{0,1}" only made the last letter optional, and "\\n+" before ALL matched newlines, not spaces.
private static final Pattern SQL_PATTERN = Pattern.compile(
    "\\b(ALTER\\s+(TABLE)?|CREATE\\s+(TABLE)?|DELETE\\s+(FROM)?|DROP\\s+(TABLE)?|EXEC(UTE)?"
    + "|INSERT\\s+(INTO)?|MERGE\\s+(INTO)?|SELECT\\s[0-9a-zA-Z_*]*\\s+(FROM)?"
    + "|UPDATE\\s[0-9a-zA-Z_]*\\s+(SET)?|UNION\\s+(ALL)?)\\b");
private static final int BUFFER_OVERFLOW_LENGTH = 4000;

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    String url = req.getRequestURL().toString();
    Enumeration<String> enumeration = request.getParameterNames();
    while (enumeration.hasMoreElements()) {
        String paramName = enumeration.nextElement();
        String value = request.getParameter(paramName);
        // The null check has to guard both tests; "a && b || c" as posted would NPE on a null value.
        if (value != null && (SQL_PATTERN.matcher(value.toUpperCase()).find()
                || value.length() >= BUFFER_OVERFLOW_LENGTH)) {
            HttpServletResponse resp = (HttpServletResponse) response;
            String redirectUrl = req.getContextPath() + "/logout";
            resp.setStatus(403); // sendRedirect replaces this with 302 anyway
            resp.sendRedirect(redirectUrl);
            return;
        }
    }
    chain.doFilter(request, response); // clean request: continue the chain (missing as posted)
}
How do I force the browser to redirect to the logout page?
Update: Following @buettner123's comment, I have implemented an httpInterceptor in Angular, but it still cannot intercept the request coming from the Filter.
Angular interceptor code
$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {
    return {
        'request': function (config) {
            console.log("Request intercepted");
            return config;
        },
        'responseError': function (rejection) {
            console.log("Response Error Intercepted");
            return $q.reject(rejection);
        },
        'response': function (response) {
            // do something on success
            console.log('I am done');
            var status = response.status;
            console.log(status);
            return response;
        }
    };
}]);
Solution
Posting the solution here in case others run into the same problem.
Filter.java
import java.io.IOException;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Compiled once. Pattern fixes relative to the snippet as posted: the optional keywords are
// grouped ("TABLE{0,1}" only made the last letter optional) and "\\n+" before ALL is now "\\s+".
private static final Pattern SQL_PATTERN = Pattern.compile(
    "\\b(ALTER\\s+(TABLE)?|CREATE\\s+(TABLE)?|DELETE\\s+(FROM)?|DROP\\s+(TABLE)?|EXEC(UTE)?"
    + "|INSERT\\s+(INTO)?|MERGE\\s+(INTO)?|SELECT\\s[0-9a-zA-Z_*]*\\s+(FROM)?"
    + "|UPDATE\\s[0-9a-zA-Z_]*\\s+(SET)?|UNION\\s+(ALL)?)\\b");

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    String url = req.getRequestURL().toString();
    System.out.println("url : " + url);
    Enumeration<String> enumeration = request.getParameterNames();
    while (enumeration.hasMoreElements()) {
        String paramName = enumeration.nextElement();
        String value = request.getParameter(paramName);
        if (value != null && SQL_PATTERN.matcher(value.toUpperCase()).find()) {
            // Drop the session so the user is logged out server-side, then answer 403 instead of
            // redirecting: an XHR follows a 302 silently and the page never moves, whereas a 403
            // reaches the Angular responseError interceptor, which can navigate the browser itself.
            HttpSession session = req.getSession(false);
            if (session != null) {
                session.invalidate();
            }
            HttpServletResponse resp = (HttpServletResponse) response;
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "SQL injection detected");
            return;
        }
    }
    chain.doFilter(request, response); // not in the snippet as posted; without it clean requests never reach the app
}
main.js
$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {
    return {
        'request': function (config) {
            return config;
        },
        'responseError': function (rejection) {
            // sendError() may produce a string (HTML error page) or, with Spring Boot's default
            // JSON error attributes, an object; normalise to a string before calling includes().
            var body = typeof rejection.data === 'string' ? rejection.data : JSON.stringify(rejection.data || '');
            if (rejection.status == 403 && body.includes("SQL injection")) {
                console.log("Forbidden Resource");
                window.location.href = "redirect url"; // placeholder as posted: the page to send the user to
            }
            return $q.reject(rejection);
        },
        'response': function (response) {
            return response;
        }
    };
}]);
Make sure the JS code is inside the config block.
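As an added example that is not part of the original question or answer: the filter's keyword check (as written in the question, including the length check) ported to JavaScript so it can be run against constructed sample parameters, together with the check the responseError handler has to make on the 403 body. It assumes two typo repairs to the posted regex (the optional keywords grouped, `\s+` instead of `\n+` before ALL) and that a Spring Boot JSON error body carries a `message` field; both are assumptions and are flagged in the comments. Running it shows the blocklist catching the two statement-shaped payloads and missing three classic ones, which is why a filter like this can only be a tripwire in front of parameterised queries, not the defence itself.

```javascript
// Added example, not code from the post: the filter's keyword check ported to
// JavaScript so it can be run against sample inputs, plus the decision the
// responseError interceptor has to make on the 403 body. Runs under Node.js.

// The pattern from the filter with two presumed typos repaired ("TABLE{0,1}"
// made only the final letter optional; "\n+" before ALL matched newlines only).
const SQL_KEYWORD_PATTERN = new RegExp(
  "\\b(ALTER\\s+(TABLE)?|CREATE\\s+(TABLE)?|DELETE\\s+(FROM)?|DROP\\s+(TABLE)?|EXEC(UTE)?" +
  "|INSERT\\s+(INTO)?|MERGE\\s+(INTO)?|SELECT\\s[0-9a-zA-Z_*]*\\s+(FROM)?" +
  "|UPDATE\\s[0-9a-zA-Z_]*\\s+(SET)?|UNION\\s+(ALL)?)\\b"
);
const BUFFER_OVERFLOW_LENGTH = 4000;

// Mirrors the Java filter: uppercase the value, look for a keyword, reject oversize input.
function filterWouldBlock(value) {
  if (value === null || value === undefined) return false;
  return SQL_KEYWORD_PATTERN.test(value.toUpperCase()) || value.length >= BUFFER_OVERFLOW_LENGTH;
}

// Constructed sample parameters with the verdict the filter gives them: two that it
// catches and three classic injection payloads it lets through, because a keyword
// blocklist only knows the statements it was told about.
const SAMPLE_PARAMS = {
  "1; DROP TABLE users; --": true,
  "1 UNION ALL SELECT password FROM users": true,
  "' OR 1=1 --": false,
  "admin'--": false,
  "1 AND SLEEP(5)": false,
};

// Runs every sample through the check and returns {input: blocked?}.
function evaluateSamples(samples) {
  const results = {};
  for (const input of Object.keys(samples)) {
    results[input] = filterWouldBlock(input);
  }
  return results;
}

// What the responseError handler sees. rejection.data is a string when the server
// answers with an HTML error page and an object when Spring Boot serialises its
// default error attributes as JSON. The "message" field is assumed to be present,
// which on Spring Boot 2.3+ requires server.error.include-message=always.
function isInjectionRejection(rejection) {
  if (!rejection || rejection.status !== 403) return false;
  const data = rejection.data;
  if (typeof data === "string") return data.includes("SQL injection");
  if (data && typeof data === "object") {
    return typeof data.message === "string" && data.message.includes("SQL injection");
  }
  return false;
}

// Constructed rejections in the shape Angular's $http hands to responseError.
const JSON_REJECTION = {
  status: 403,
  data: { timestamp: "2020-01-01T00:00:00.000+0000", status: 403, error: "Forbidden",
          message: "SQL injection detected", path: "/api/search" },
};
const HTML_REJECTION = { status: 403, data: "<html><body>SQL injection detected</body></html>" };
const OTHER_403 = { status: 403, data: { status: 403, error: "Forbidden", message: "Access Denied" } };
// A followed 302 never reaches responseError at all: XHR reports the final 200 from /logout.
const FOLLOWED_REDIRECT = { status: 200, data: "<html>login page</html>" };

console.log(evaluateSamples(SAMPLE_PARAMS));
console.log(isInjectionRejection(JSON_REJECTION), isInjectionRejection(HTML_REJECTION),
            isInjectionRejection(OTHER_403), isInjectionRejection(FOLLOWED_REDIRECT));
```

The `FOLLOWED_REDIRECT` object is the reason the question's `sendRedirect` approach cannot work from an XHR: the browser follows the 302 before the script sees anything, so the interceptor is handed a 200 with the login page's HTML in `data` and never gets a status it can act on.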