我已经在tomcat上有第三方应用程序,它有XSS过滤器,当我添加我的过滤器和过滤器映射时,应用程序在尝试发送请求时不起作用。
<filter>
<filter-name>XSS</filter-name>
<filter-class>de.gauss.vip.contentexplorer.servlet.CrossScriptingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>XSS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我尝试在过滤器之前/之后添加我的代码,但它不起作用,如何将过滤器添加到现有web.xml并仍然将请求转发给正确的服务器。以下是过滤器代码:
@WebFilter("/SecondFilter")
public class SecondFilter implements Filter {
public String decryptedString;
private static final String characterEncoding = "UTF-8";
Properties prop = new Properties();
InputStream input = null;
public String globalKey;
public String RedirectURL;
public String DN;
public String TYPE;
public String NAME;
public String NUMBER;
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
//chain.doFilter(req, res);
HttpServletRequest request = (HttpServletRequest) req;
String requestURI = request.getRequestURI();//contentexpplre
System.out.println("reuqestURI :"+requestURI); ///contentexplorer/servlet/VipDms/SSNdecrypt
String url = ((HttpServletRequest)request).getRequestURL().toString() +"?"+request.getQueryString();
System.out.println("URL :"+url);
if(url.contains("/VipDms"))
{
String toReplace =url.substring(118);//79 for localhost
//String toReplace = requestURI.substring(32,42);
System.out.println("toReplace :"+toReplace);
String queryString = ((HttpServletRequest)request).getQueryString();
System.out.println("queryString :"+queryString);
if (queryString!=null) {
//NUMBER = ((HttpServletRequest) request).getParameter("NUMBER");
System.out.println("Number parameter :"+toReplace);
DN = ((HttpServletRequest) request).getParameter("DN");
TYPE = ((HttpServletRequest) request).getParameter("TYPE");
NAME = ((HttpServletRequest) request).getParameter("NAME");
//NUMBER = ((HttpServletRequest) request).getParameter("NUMBER");
if(toReplace!=null){
//Code to load key from property file
try {
String filename = "Secretkey.properties";
input = SecondFilter.class.getClassLoader().getResourceAsStream(filename);
if(input==null){
System.out.println("Sorry, unable to find :" + filename);
return;
}
prop.load(input);
globalKey=prop.getProperty("Secretkey");
System.out.println("Global Key : "+globalKey);
} catch (IOException ex) {
ex.printStackTrace();
}
//Key loaded in code
byte[] clearText;
try {
clearText = AesEncryption.decryptBase64EncodedWithManagedIV(toReplace, globalKey);
decryptedString = new String(clearText,characterEncoding);
System.out.println("ClearText :" +decryptedString);
} catch (Exception e) {
e.printStackTrace();
}
//code ends to decrypt the SSN
//String newquerystring = "-NUMBER="+decryptedString;
//change the URL query string
String URL1 = url.replace(toReplace, decryptedString);
System.out.println("URL1 :"+URL1);
URL1 = "/servlet/VipDms?DN=Docview_Test&TYPE=OL&NAME=OLDNEW_GUL&-NUMBER=123456789";
req.getRequestDispatcher(URL1).forward(req, res);
}
else
{
chain.doFilter(req, res);
}
}
else{
chain.doFilter(req, res);
}
//Decrypt SSN
/** if (queryString!=null) {
//decryption completed and stored in decryptedString variable
/**System.out.println("queryString :"+queryString);
System.out.println("DN : "+DN);
System.out.println("TYPE : "+TYPE);
System.out.println("NAME : "+NAME);
System.out.println("S1/ NUMBER : "+NUMBER);
System.out.println("decrypted S1/ Number : "+decryptedString);
String newQuerystring = "VipDms?DN="+DN+"&TYPE="+TYPE+"&NAME="+NAME+"&-NUMBER="+decryptedString;
String URL1 = requestURI.replace(toReplace, newQuerystring);
System.out.println("URL1--"+URL1);
String decryptedQueryString = "/servlet/VipDms?DN="+DN+"&TYPE="+TYPE+"&NAME="+NAME+"&-NUMBER="+decryptedString;
System.out.println("decrypted string--"+decryptedQueryString);
// HttpServletResponse resp = (HttpServletResponse) res;
//resp.sendRedirect(Redirect);
req.getRequestDispatcher(decryptedQueryString).forward(req, res);
} else {
chain.doFilter(req, res);
}**/
}
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
}