英文:
Redirect angular js page in browser from Java (Spring) Filter
问题
我在我的Spring Boot应用程序中创建了一个SQL注入过滤器,它会拦截每个请求并验证可能受到SQL注入的输入。如果输入无效,我想将用户重定向回登录页面。使用我的代码,我可以看到通过DevTools进行了内部调用,但浏览器未重定向到指定页面。过滤器:public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) request;String url = req.getRequestURL().toString();Enumeration<String> enumeration = request.getParameterNames();while (enumeration.hasMoreElements()) {String paramName = enumeration.nextElement();String value = request.getParameter(paramName);String sqlRegex ="\\b(ALTER\\s+TABLE{0,1}|CREATE\\s+TABLE{0,1}|DELETE\\s+FROM{0,1}|DROP\\s+TABLE{0,1}|EXEC(UTE){0,1}|INSERT\\s+INTO{0,1}|MERGE\\s+INTO{0,1}|SELECT\\s[0-9a-zA-Z_*]*\\s+FROM{0,1}|UPDATE\\s[0-9a-zA-Z_]*\\s+SET{0,1}|UNION\\n+ALL{0,1})\\b";int bufferOverflowLength = 4000;if (value != null && (Pattern.compile(sqlRegex).matcher(value.toUpperCase()).find()) || value.length() >= bufferOverflowLength) {HttpServletResponse resp = (HttpServletResponse) response;String redirectUrl = req.getContextPath() + "/logout";resp.setStatus(403);resp.sendRedirect(redirectUrl);return;}}}
如何强制浏览器重定向到登出页面?更新:根据@buettner123的评论,我在Angular中实现了一个httpInterceptor,但仍无法拦截我的来自过滤器的请求。Angular拦截器代码:$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {return {'request': function (config) {console.log("Request intercepted");return config;},'responseError': function (rejection) {console.log("Response Error Intercepted");return $q.reject(rejection);},'response': function(response) {// 在成功时执行一些操作console.log('我完成了');var status = response.status;console.log(status);return response;}};}]);
英文:
I have created an SQL injection filter in my Spring Boot application that intercepts each request and validates input for a possible SQL injection. If input is invalid, then I want to redirect user back to login page. With my code, I can see internal call being made through DevTools but browser is not redirecting to specified page.
Filter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) request;String url = req.getRequestURL().toString();Enumeration<String> enumeration = request.getParameterNames();while (enumeration.hasMoreElements()) {String paramName = enumeration.nextElement();String value = request.getParameter(paramName);String sqlRegex ="\\b(ALTER\\s+TABLE{0,1}|CREATE\\s+TABLE{0,1}|DELETE\\s+FROM{0,1}|DROP\\s+TABLE{0,1}|EXEC(UTE){0,1}|INSERT\\s+INTO{0,1}|MERGE\\s+INTO{0,1}|SELECT\\s[0-9a-zA-Z_*]*\\s+FROM{0,1}|UPDATE\\s[0-9a-zA-Z_]*\\s+SET{0,1}|UNION\\n+ALL{0,1})\\b";int bufferOverflowLength = 4000;if (value != null && (Pattern.compile(sqlRegex).matcher(value.toUpperCase()).find()) || value.length() >= bufferOverflowLength) {HttpServletResponse resp = (HttpServletResponse) response;String redirectUrl = req.getContextPath() + "/logout";resp.setStatus(403);resp.sendRedirect(redirectUrl);return;}}
}
How can I force browser to redirect to logout page?
Update:
As per @buettner123's comment, I have implemented an httpInterceptor in Angular, but that is still unable to intercept my request from Filter.
Angular Interceptor code
$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {return {'request': function (config) {console.log("Request intercepted");return config;},'responseError': function (rejection) {console.log("Response Error Intercepted");return $q.reject(rejection);},'response': function(response) {// do something on successconsole.log('I am done');var status = response.status;console.log(status);return response;}};}]);
答案1
得分: 0
以下是您提供的内容的翻译:
在此处发布解决方案,以防其他人可能遇到相同的问题
Filter.java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) request;String url = req.getRequestURL().toString();System.out.println("url : " + url);Enumeration<String> enumeration = request.getParameterNames();while (enumeration.hasMoreElements()) {String paramName = enumeration.nextElement();String value = request.getParameter(paramName);String sqlRegex ="\\b(ALTER\\s+TABLE{0,1}|CREATE\\s+TABLE{0,1}|DELETE\\s+FROM{0,1}|DROP\\s+TABLE{0,1}|EXEC(UTE){0,1}|INSERT\\s+INTO{0,1}|MERGE\\s+INTO{0,1}|SELECT\\s[0-9a-zA-Z_*]*\\s+FROM{0,1}|UPDATE\\s[0-9a-zA-Z_]*\\s+SET{0,1}|UNION\\n+ALL{0,1})\\b";if (value != null && (Pattern.compile(sqlRegex).matcher(value.toUpperCase()).find())) {HttpSession session = req.getSession(false);if (session != null)session.invalidate();HttpServletResponse resp = (HttpServletResponse) response;resp.sendError(HttpServletResponse.SC_FORBIDDEN, "SQL注入检测到");return;}}}
main.js
$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {return {'request': function (config) {return config;},'responseError': function (rejection) {if (rejection.status == 403 && rejection.data.includes("SQL注入")) {console.log("禁止访问资源");window.location.href = "重定向URL";}return $q.reject(rejection);},'response': function(response) {return response;}};}]);
确保将 JavaScript 代码放在配置元素下。
英文:
Posting the solution here in-case someone else might find themselves with the same problem
Filter.java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) request;String url = req.getRequestURL().toString();System.out.println("url : " + url);Enumeration<String> enumeration = request.getParameterNames();while (enumeration.hasMoreElements()) {String paramName = enumeration.nextElement();String value = request.getParameter(paramName);String sqlRegex ="\\b(ALTER\\s+TABLE{0,1}|CREATE\\s+TABLE{0,1}|DELETE\\s+FROM{0,1}|DROP\\s+TABLE{0,1}|EXEC(UTE){0,1}|INSERT\\s+INTO{0,1}|MERGE\\s+INTO{0,1}|SELECT\\s[0-9a-zA-Z_*]*\\s+FROM{0,1}|UPDATE\\s[0-9a-zA-Z_]*\\s+SET{0,1}|UNION\\n+ALL{0,1})\\b";if (value != null && (Pattern.compile(sqlRegex).matcher(value.toUpperCase()).find())) {HttpSession session = req.getSession(false);if (session != null)session.invalidate();HttpServletResponse resp = (HttpServletResponse) response;resp.sendError(HttpServletResponse.SC_FORBIDDEN, "SQL injection detected");return;}}
}
main.js
$httpProvider.interceptors.push(['$location', '$injector', '$q', function ($location, $injector, $q) {return {'request': function (config) {return config;},'responseError': function (rejection) {if (rejection.status == 403 && rejection.data.includes("SQL injection")) {console.log("Forbidden Resource");window.location.href="redirect url";}return $q.reject(rejection);},'response': function(response) {return response;}};}]);
Make sure js code is under config element
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论