防XSS注入&4j版本升级

pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>iplat4j-smart-boot-starter</artifactId>
         <groupId>com.baosight.iplat4j</groupId>
-        <version>1.0.8</version>
+        <version>7.0.0</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
@@ -95,7 +95,7 @@
         <dependency>
             <groupId>com.baosight.iplat4j</groupId>
             <artifactId>redis-plugin</artifactId>
-            <version>1.0.8</version>
+            <version>7.0.0</version>
         </dependency>
 <!--        <dependency>-->
 <!--            <groupId>com.baosight.iplat4j</groupId>-->

src/main/java/com/baosight/hpjx/xss/XSSFilterConfig.java

+package com.baosight.hpjx.xss;
+
+import com.baosight.iplat4j.core.web.filter.GetXssFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+@Configuration
+public class XSSFilterConfig {
+    @Bean
+    GetXssFilter xssFilter() {
+        GetXssFilter xssFilter = new GetXssFilter();
+        return xssFilter;
+    }
+    @Bean
+    public FilterRegistrationBean xssFilterRegistrationBean(GetXssFilter xssFilter) {
+        FilterRegistrationBean registrationBean = new FilterRegistrationBean(xssFilter);
+        //
+        registrationBean.setOrder(-105);
+        return registrationBean;
+    }
+}
\ No newline at end of file

src/main/resources/META-INF/resources/iPlatV6-login.jsp

@@ -123,12 +123,12 @@
 
     <link rel="shortcut icon" href="iplat.ico" type="image/x-icon">
     <link rel="stylesheet" id="css-main" href="${iPlatStaticURL}/iplatui/assets/css/iplat.ui.bootstrap.min.css">
-    <link href="${iPlatStaticURL}/iPlatV6-login.css" rel="stylesheet" type="text/css"/>
+    <link href="${iPlatStaticURL}/iPlatV7-login.css" rel="stylesheet" type="text/css"/>
     <%--<link rel="stylesheet" type="text/css"  href="${iPlatStaticURL}/iplatui/css/iplat.ui.ued.login.css">&lt;%&ndash;ued亮色样式&ndash;%&gt;--%>
     <script src="${iPlatStaticURL}/kendoui/js/jquery.min.js"></script>
 
     <!--[if lte IE 8]>
-    <link href="${iPlatStaticURL}/iPlatV6-login-ie.css" rel="stylesheet" type="text/css"/>
+    <link href="${iPlatStaticURL}/iPlatV7-login-ie.css" rel="stylesheet" type="text/css"/>
     <script src="${iPlatStaticURL}/iplatui/assets/js/polyfills/iplat.ui.ie8.polyfills.min.js"></script>
     <![endif]-->
 

src/main/webapp/index.jsp

@@ -14,7 +14,7 @@
 <%
     final Logger logger = LoggerFactory.getLogger("index");
     //门户插件跳转逻辑
-    String loginName = UserSession.getLoginName();
+    String loginName = UserSession.getLoginName()==null? "admin":UserSession.getLoginName();
     String userId = UserSession.getUserUuid();
 
     String url = "";
@@ -51,17 +51,33 @@
     HttpSession currentSession = request.getSession();
     String sessionTimeout= PlatApplicationContext.getProperty("iplat4j.ui.sessionTimeout");
     if (!sessionTimeout.isEmpty()){
-        Integer sessionTimeoutNumber =Integer.valueOf(sessionTimeout)*60;
-        currentSession.setMaxInactiveInterval(sessionTimeoutNumber);
+        if(-1==Integer.valueOf(sessionTimeout)){
+            currentSession.setMaxInactiveInterval(-1);
+        }else{
+            Integer sessionTimeoutNumber =Integer.valueOf(sessionTimeout)*60;
+            currentSession.setMaxInactiveInterval(sessionTimeoutNumber);
+        }
         // 获取会话的最大非活动间隔时间（单位为秒）
         int maxInactiveInterval = currentSession.getMaxInactiveInterval();
         int maxInactiveIntervalMinutes = maxInactiveInterval / 60;
+        logger.info("获取会话的最大非活动间隔时间（单位为秒）!"+maxInactiveInterval);
     }
+    String ip="";
+    if (request.getHeader("x-forwarded-for") == null) {
+        ip=request.getRemoteAddr();
+    }else {
+        ip=request.getHeader("x-forwarded-for");
+    }
+
+
+
 %>
 
 <c:set var="url" value="<%=url%>"/>
 <c:set var="frameOpenWeb" value="<%=frameOpenWeb%>"/>
 <c:set var="frameOpenCname" value="<%=frameOpenCname%>"/>
+<c:set var="ip" value="<%=ip%>"/>
+
 <html lang="zh">
 <head>
     <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
@@ -81,9 +97,12 @@
     console.log("redirect to " + url);
     var userId = '<%=userId%>';
     var loginName = '<%=loginName%>';
+    let ip = "${ip}";
 
     sessionStorage.setItem("userId", userId);
     sessionStorage.setItem("loginName", loginName);
+    sessionStorage.setItem("ip", ip);
+
     if(url != null && url != "") {
         window.location.href = '${ctx}/web/' + url;
         sessionStorage.removeItem("frameOpenWeb");
@@ -97,7 +116,7 @@
             sessionStorage.removeItem("frameOpenCname");
         }
 
-        window.location.href = '${ctx}/iPlatV6-index.jsp';
+        window.location.href = '${ctx}/iPlatV7-index.jsp';
 
     }
 </script>