Commit e47680ef by wuwenlong

防XSS注入&4j版本升级

parent 940cfd4d
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
<parent> <parent>
<artifactId>iplat4j-smart-boot-starter</artifactId> <artifactId>iplat4j-smart-boot-starter</artifactId>
<groupId>com.baosight.iplat4j</groupId> <groupId>com.baosight.iplat4j</groupId>
<version>1.0.8</version> <version>7.0.0</version>
</parent> </parent>
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
...@@ -95,7 +95,7 @@ ...@@ -95,7 +95,7 @@
<dependency> <dependency>
<groupId>com.baosight.iplat4j</groupId> <groupId>com.baosight.iplat4j</groupId>
<artifactId>redis-plugin</artifactId> <artifactId>redis-plugin</artifactId>
<version>1.0.8</version> <version>7.0.0</version>
</dependency> </dependency>
<!-- <dependency>--> <!-- <dependency>-->
<!-- <groupId>com.baosight.iplat4j</groupId>--> <!-- <groupId>com.baosight.iplat4j</groupId>-->
......
package com.baosight.hpjx.xss;
import com.baosight.iplat4j.core.web.filter.GetXssFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class XSSFilterConfig {
@Bean
GetXssFilter xssFilter() {
GetXssFilter xssFilter = new GetXssFilter();
return xssFilter;
}
@Bean
public FilterRegistrationBean xssFilterRegistrationBean(GetXssFilter xssFilter) {
FilterRegistrationBean registrationBean = new FilterRegistrationBean(xssFilter);
//
registrationBean.setOrder(-105);
return registrationBean;
}
}
\ No newline at end of file
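Review bot: The `setOrder(-105)` call is accompanied only by an empty `//` comment, so nothing explains why the filter must sit at that position, yet ordering is exactly what decides whether later filters see sanitised or raw parameters; a real comment is needed, e.g. `// run ahead of the framework filter chain (Spring Security defaults to -100) so downstream filters see sanitised parameters — confirm against the iplat4j filter orders`. Style-wise, `FilterRegistrationBean` is used as a raw type in `xssFilterRegistrationBean`; `FilterRegistrationBean<GetXssFilter> registrationBean = new FilterRegistrationBean<>(xssFilter);` keeps the generic information and avoids the unchecked warning. No URL pattern is set, so the registration applies to every request (Spring Boot's `/*` default), which looks intended; whether `GetXssFilter` also sanitises POST bodies and request headers cannot be told from this page and is worth stating in a class-level comment, given the commit is titled as XSS protection.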
...@@ -123,12 +123,12 @@ ...@@ -123,12 +123,12 @@
<link rel="shortcut icon" href="iplat.ico" type="image/x-icon"> <link rel="shortcut icon" href="iplat.ico" type="image/x-icon">
<link rel="stylesheet" id="css-main" href="${iPlatStaticURL}/iplatui/assets/css/iplat.ui.bootstrap.min.css"> <link rel="stylesheet" id="css-main" href="${iPlatStaticURL}/iplatui/assets/css/iplat.ui.bootstrap.min.css">
<link href="${iPlatStaticURL}/iPlatV6-login.css" rel="stylesheet" type="text/css"/> <link href="${iPlatStaticURL}/iPlatV7-login.css" rel="stylesheet" type="text/css"/>
<%--<link rel="stylesheet" type="text/css" href="${iPlatStaticURL}/iplatui/css/iplat.ui.ued.login.css">&lt;%&ndash;ued亮色样式&ndash;%&gt;--%> <%--<link rel="stylesheet" type="text/css" href="${iPlatStaticURL}/iplatui/css/iplat.ui.ued.login.css">&lt;%&ndash;ued亮色样式&ndash;%&gt;--%>
<script src="${iPlatStaticURL}/kendoui/js/jquery.min.js"></script> <script src="${iPlatStaticURL}/kendoui/js/jquery.min.js"></script>
<!--[if lte IE 8]> <!--[if lte IE 8]>
<link href="${iPlatStaticURL}/iPlatV6-login-ie.css" rel="stylesheet" type="text/css"/> <link href="${iPlatStaticURL}/iPlatV7-login-ie.css" rel="stylesheet" type="text/css"/>
<script src="${iPlatStaticURL}/iplatui/assets/js/polyfills/iplat.ui.ie8.polyfills.min.js"></script> <script src="${iPlatStaticURL}/iplatui/assets/js/polyfills/iplat.ui.ie8.polyfills.min.js"></script>
<![endif]--> <![endif]-->
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
<% <%
final Logger logger = LoggerFactory.getLogger("index"); final Logger logger = LoggerFactory.getLogger("index");
//门户插件跳转逻辑 //门户插件跳转逻辑
String loginName = UserSession.getLoginName(); String loginName = UserSession.getLoginName()==null? "admin":UserSession.getLoginName();
String userId = UserSession.getUserUuid(); String userId = UserSession.getUserUuid();
String url = ""; String url = "";
...@@ -51,17 +51,33 @@ ...@@ -51,17 +51,33 @@
HttpSession currentSession = request.getSession(); HttpSession currentSession = request.getSession();
String sessionTimeout= PlatApplicationContext.getProperty("iplat4j.ui.sessionTimeout"); String sessionTimeout= PlatApplicationContext.getProperty("iplat4j.ui.sessionTimeout");
if (!sessionTimeout.isEmpty()){ if (!sessionTimeout.isEmpty()){
if(-1==Integer.valueOf(sessionTimeout)){
currentSession.setMaxInactiveInterval(-1);
}else{
Integer sessionTimeoutNumber =Integer.valueOf(sessionTimeout)*60; Integer sessionTimeoutNumber =Integer.valueOf(sessionTimeout)*60;
currentSession.setMaxInactiveInterval(sessionTimeoutNumber); currentSession.setMaxInactiveInterval(sessionTimeoutNumber);
}
// 获取会话的最大非活动间隔时间(单位为秒) // 获取会话的最大非活动间隔时间(单位为秒)
int maxInactiveInterval = currentSession.getMaxInactiveInterval(); int maxInactiveInterval = currentSession.getMaxInactiveInterval();
int maxInactiveIntervalMinutes = maxInactiveInterval / 60; int maxInactiveIntervalMinutes = maxInactiveInterval / 60;
logger.info("获取会话的最大非活动间隔时间(单位为秒)!"+maxInactiveInterval);
} }
String ip="";
if (request.getHeader("x-forwarded-for") == null) {
ip=request.getRemoteAddr();
}else {
ip=request.getHeader("x-forwarded-for");
}
%> %>
<c:set var="url" value="<%=url%>"/> <c:set var="url" value="<%=url%>"/>
<c:set var="frameOpenWeb" value="<%=frameOpenWeb%>"/> <c:set var="frameOpenWeb" value="<%=frameOpenWeb%>"/>
<c:set var="frameOpenCname" value="<%=frameOpenCname%>"/> <c:set var="frameOpenCname" value="<%=frameOpenCname%>"/>
<c:set var="ip" value="<%=ip%>"/>
<html lang="zh"> <html lang="zh">
<head> <head>
<meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
...@@ -81,9 +97,12 @@ ...@@ -81,9 +97,12 @@
console.log("redirect to " + url); console.log("redirect to " + url);
var userId = '<%=userId%>'; var userId = '<%=userId%>';
var loginName = '<%=loginName%>'; var loginName = '<%=loginName%>';
let ip = "${ip}";
sessionStorage.setItem("userId", userId); sessionStorage.setItem("userId", userId);
sessionStorage.setItem("loginName", loginName); sessionStorage.setItem("loginName", loginName);
sessionStorage.setItem("ip", ip);
if(url != null && url != "") { if(url != null && url != "") {
window.location.href = '${ctx}/web/' + url; window.location.href = '${ctx}/web/' + url;
sessionStorage.removeItem("frameOpenWeb"); sessionStorage.removeItem("frameOpenWeb");
...@@ -97,7 +116,7 @@ ...@@ -97,7 +116,7 @@
sessionStorage.removeItem("frameOpenCname"); sessionStorage.removeItem("frameOpenCname");
} }
window.location.href = '${ctx}/iPlatV6-index.jsp'; window.location.href = '${ctx}/iPlatV7-index.jsp';
} }
</script> </script>
......
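Review bot: `ip` is copied verbatim from the client-controlled `x-forwarded-for` header (the `else` branch at the end of the scriptlet) and then written into the inline script as `let ip = "${ip}";`, where `${}` performs no escaping, so a request header such as `1.1.1.1";alert(1);//` becomes executable script on the index page — the `GetXssFilter` added elsewhere in this commit, judging by its name, acts on request parameters rather than headers, so it presumably does not cover this (confirm). The header is also a comma-separated list that any client can set, so it should only replace `getRemoteAddr()` when the first entry parses as an IP address (and ideally only when the app is known to sit behind a trusted proxy); validating it server-side removes the injection regardless of output context, and `<c:out value="${ip}"/>` on the script line adds a second layer. Separately, the new `-1` branch disables session expiry entirely via `setMaxInactiveInterval(-1)` and deserves a comment or warning log, and the earlier hunk defaults `loginName` to `"admin"` when no session user exists — presumably a display fallback, but it masks the unauthenticated state in `sessionStorage`. Both the scriptlet and the `<script>` block start outside the hunks shown.
```jsp
// … unchanged: session timeout handling …
// Only trust x-forwarded-for when its first entry looks like an IP; the header is client-settable.
String ip = request.getRemoteAddr();
String forwardedFor = request.getHeader("x-forwarded-for");
if (forwardedFor != null) {
    String first = forwardedFor.split(",")[0].trim();
    if (first.matches("[0-9A-Fa-f:.]{1,45}")) {
        ip = first;
    }
}
```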