从 Java (Spring) 过滤器中重定向浏览器中的 angular js 页面
Redirect angular js page in browser from Java (Spring) Filter
我在我的 Spring 引导应用程序中创建了一个 SQL 注入过滤器,它拦截每个请求并验证可能的 SQL 注入的输入。如果输入无效,那么我想将用户重定向回登录页面。使用我的代码,我可以看到通过 DevTools 进行的内部调用,但浏览器未重定向到指定页面。
过滤器
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String url = req.getRequestURL().toString();
Enumeration<String> enumeration = request.getParameterNames();
while (enumeration.hasMoreElements()) {
String paramName = enumeration.nextElement();
String value = request.getParameter(paramName);
String sqlRegex =
"\b(ALTER\s+TABLE{0,1}|CREATE\s+TABLE{0,1}|DELETE\s+FROM{0,1}|DROP\s+TABLE{0,1}|EXEC(UTE){0,1}|INSERT\s+INTO{0,1}|MERGE\s+INTO{0,1}|SELECT\s[0-9a-zA-Z_*]*\s+FROM{0,1}|UPDATE\s[0-9a-zA-Z_]*\s+SET{0,1}|UNION\n+ALL{0,1})\b";
int bufferOverflowLength = 4000;
if (value != null && (Pattern.compile(sqlRegex).matcher(value.toUpperCase()).find()) || value.length() >= bufferOverflowLength) {
HttpServletResponse resp = (HttpServletResponse) response;
String redirectUrl = req.getContextPath() + "/logout";
resp.setStatus(403);
resp.sendRedirect(redirectUrl);
return;
}
}
}
如何强制浏览器重定向到注销页面?
更新:
根据@buettner123 的评论,我已经在 Angular 中实现了一个 httpInterceptor,但它仍然无法拦截我来自 Filter 的请求。
Angular拦截器代码
$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {
return {
'request': function (config) {
console.log("Request intercepted");
return config;
},
'responseError': function (rejection) {
console.log("Response Error Intercepted");
return $q.reject(rejection);
},
'response': function(response) {
// do something on success
console.log('I am done');
var status = response.status;
console.log(status);
return response;
}
};
}]);
在此处发布解决方案in-case其他人可能会遇到同样的问题
Filter.java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String url = req.getRequestURL().toString();
System.out.println("url : " + url);
Enumeration<String> enumeration = request.getParameterNames();
while (enumeration.hasMoreElements()) {
String paramName = enumeration.nextElement();
String value = request.getParameter(paramName);
String sqlRegex =
"\b(ALTER\s+TABLE{0,1}|CREATE\s+TABLE{0,1}|DELETE\s+FROM{0,1}|DROP\s+TABLE{0,1}|EXEC(UTE){0,1}|INSERT\s+INTO{0,1}|MERGE\s+INTO{0,1}|SELECT\s[0-9a-zA-Z_*]*\s+FROM{0,1}|UPDATE\s[0-9a-zA-Z_]*\s+SET{0,1}|UNION\n+ALL{0,1})\b";
if (value != null && (Pattern.compile(sqlRegex).matcher(value.toUpperCase()).find())) {
HttpSession session = req.getSession(false);
if (session != null)
session.invalidate();
HttpServletResponse resp = (HttpServletResponse) response;
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "SQL injection detected");
return;
}
}
}
main.js
$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {
return {
'request': function (config) {
return config;
},
'responseError': function (rejection) {
if (rejection.status == 403 && rejection.data.includes("SQL injection")) {
console.log("Forbidden Resource");
window.location.href="redirect url";
}
return $q.reject(rejection);
},
'response': function(response) {
return response;
}
};}]);
确保js代码在config元素下
我在我的 Spring 引导应用程序中创建了一个 SQL 注入过滤器,它拦截每个请求并验证可能的 SQL 注入的输入。如果输入无效,那么我想将用户重定向回登录页面。使用我的代码,我可以看到通过 DevTools 进行的内部调用,但浏览器未重定向到指定页面。
过滤器
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String url = req.getRequestURL().toString();
Enumeration<String> enumeration = request.getParameterNames();
while (enumeration.hasMoreElements()) {
String paramName = enumeration.nextElement();
String value = request.getParameter(paramName);
String sqlRegex =
"\b(ALTER\s+TABLE{0,1}|CREATE\s+TABLE{0,1}|DELETE\s+FROM{0,1}|DROP\s+TABLE{0,1}|EXEC(UTE){0,1}|INSERT\s+INTO{0,1}|MERGE\s+INTO{0,1}|SELECT\s[0-9a-zA-Z_*]*\s+FROM{0,1}|UPDATE\s[0-9a-zA-Z_]*\s+SET{0,1}|UNION\n+ALL{0,1})\b";
int bufferOverflowLength = 4000;
if (value != null && (Pattern.compile(sqlRegex).matcher(value.toUpperCase()).find()) || value.length() >= bufferOverflowLength) {
HttpServletResponse resp = (HttpServletResponse) response;
String redirectUrl = req.getContextPath() + "/logout";
resp.setStatus(403);
resp.sendRedirect(redirectUrl);
return;
}
}
}
如何强制浏览器重定向到注销页面?
更新: 根据@buettner123 的评论,我已经在 Angular 中实现了一个 httpInterceptor,但它仍然无法拦截我来自 Filter 的请求。
Angular拦截器代码
$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {
return {
'request': function (config) {
console.log("Request intercepted");
return config;
},
'responseError': function (rejection) {
console.log("Response Error Intercepted");
return $q.reject(rejection);
},
'response': function(response) {
// do something on success
console.log('I am done');
var status = response.status;
console.log(status);
return response;
}
};
}]);
在此处发布解决方案in-case其他人可能会遇到同样的问题
Filter.java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String url = req.getRequestURL().toString();
System.out.println("url : " + url);
Enumeration<String> enumeration = request.getParameterNames();
while (enumeration.hasMoreElements()) {
String paramName = enumeration.nextElement();
String value = request.getParameter(paramName);
String sqlRegex =
"\b(ALTER\s+TABLE{0,1}|CREATE\s+TABLE{0,1}|DELETE\s+FROM{0,1}|DROP\s+TABLE{0,1}|EXEC(UTE){0,1}|INSERT\s+INTO{0,1}|MERGE\s+INTO{0,1}|SELECT\s[0-9a-zA-Z_*]*\s+FROM{0,1}|UPDATE\s[0-9a-zA-Z_]*\s+SET{0,1}|UNION\n+ALL{0,1})\b";
if (value != null && (Pattern.compile(sqlRegex).matcher(value.toUpperCase()).find())) {
HttpSession session = req.getSession(false);
if (session != null)
session.invalidate();
HttpServletResponse resp = (HttpServletResponse) response;
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "SQL injection detected");
return;
}
}
}
main.js
$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {
return {
'request': function (config) {
return config;
},
'responseError': function (rejection) {
if (rejection.status == 403 && rejection.data.includes("SQL injection")) {
console.log("Forbidden Resource");
window.location.href="redirect url";
}
return $q.reject(rejection);
},
'response': function(response) {
return response;
}
};}]);
确保js代码在config元素下