自定义xss校验注解实现
							parent
							
								
									e1c7115d8c
								
							
						
					
					
						commit
						d365a52cd6
					
				| @ -2,9 +2,7 @@ package com.ruoyi.common.core.domain.entity; | ||||
| 
 | ||||
| import java.util.Date; | ||||
| import java.util.List; | ||||
| import javax.validation.constraints.Email; | ||||
| import javax.validation.constraints.NotBlank; | ||||
| import javax.validation.constraints.Size; | ||||
| import javax.validation.constraints.*; | ||||
| import org.apache.commons.lang3.builder.ToStringBuilder; | ||||
| import org.apache.commons.lang3.builder.ToStringStyle; | ||||
| import com.fasterxml.jackson.annotation.JsonIgnore; | ||||
| @ -14,6 +12,7 @@ import com.ruoyi.common.annotation.Excel.ColumnType; | ||||
| import com.ruoyi.common.annotation.Excel.Type; | ||||
| import com.ruoyi.common.annotation.Excels; | ||||
| import com.ruoyi.common.core.domain.BaseEntity; | ||||
| import com.ruoyi.common.xss.Xss; | ||||
| 
 | ||||
| /** | ||||
|  * 用户对象 sys_user | ||||
| @ -135,6 +134,7 @@ public class SysUser extends BaseEntity | ||||
|         this.deptId = deptId; | ||||
|     } | ||||
| 
 | ||||
|     @Xss(message = "用户昵称不能包含脚本字符") | ||||
|     @Size(min = 0, max = 30, message = "用户昵称长度不能超过30个字符") | ||||
|     public String getNickName() | ||||
|     { | ||||
| @ -146,6 +146,7 @@ public class SysUser extends BaseEntity | ||||
|         this.nickName = nickName; | ||||
|     } | ||||
| 
 | ||||
|     @Xss(message = "用户账号不能包含脚本字符") | ||||
|     @NotBlank(message = "用户账号不能为空") | ||||
|     @Size(min = 0, max = 30, message = "用户账号长度不能超过30个字符") | ||||
|     public String getUserName() | ||||
|  | ||||
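Review bot: The three single-type imports `Email`, `NotBlank` and `Size` are dropped in favour of `import javax.validation.constraints.*;`, while every other import in this file and in the other touched files is explicit; the wildcard hides which constraint types the entity actually depends on and can shadow same-named types from other packages. Keep explicit imports, i.e. `import javax.validation.constraints.Email;`, `import javax.validation.constraints.NotBlank;`, `import javax.validation.constraints.Size;` (plus any constraint newly used), rather than the wildcard.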
| @ -0,0 +1,24 @@ | ||||
| package com.ruoyi.common.utils.bean; | ||||
| 
 | ||||
| import java.util.Set; | ||||
| import javax.validation.ConstraintViolation; | ||||
| import javax.validation.ConstraintViolationException; | ||||
| import javax.validation.Validator; | ||||
| 
 | ||||
| /** | ||||
|  * bean对象属性验证 | ||||
|  *  | ||||
|  * @author ruoyi | ||||
|  */ | ||||
| public class BeanValidators | ||||
| { | ||||
|     public static void validateWithException(Validator validator, Object object, Class<?>... groups) | ||||
|             throws ConstraintViolationException | ||||
|     { | ||||
|         Set<ConstraintViolation<Object>> constraintViolations = validator.validate(object, groups); | ||||
|         if (!constraintViolations.isEmpty()) | ||||
|         { | ||||
|             throw new ConstraintViolationException(constraintViolations); | ||||
|         } | ||||
|     } | ||||
| } | ||||
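Review bot: `validateWithException` carries no Javadoc, and its `throws ConstraintViolationException` clause declares an unchecked exception that callers are not obliged to handle; the contract belongs in the doc comment instead, e.g. `@throws ConstraintViolationException if {@code object} violates any constraint for the given {@code groups}`, together with a one-sentence summary and `@param` tags for `validator`, `object` and `groups`. `BeanValidators` is a static utility class, so add `private BeanValidators() {}` to prevent instantiation.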
							
								
								
									
									
								
							
							
						
						
									
										27
									
								
								ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,27 @@ | ||||
| package com.ruoyi.common.xss; | ||||
| 
 | ||||
| import javax.validation.Constraint; | ||||
| import javax.validation.Payload; | ||||
| import java.lang.annotation.ElementType; | ||||
| import java.lang.annotation.Retention; | ||||
| import java.lang.annotation.RetentionPolicy; | ||||
| import java.lang.annotation.Target; | ||||
| 
 | ||||
| /** | ||||
|  * 自定义xss校验注解 | ||||
|  *  | ||||
|  * @author ruoyi | ||||
|  */ | ||||
| @Retention(RetentionPolicy.RUNTIME) | ||||
| @Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER }) | ||||
| @Constraint(validatedBy = { XssValidator.class }) | ||||
| public @interface Xss | ||||
| { | ||||
|     String message() | ||||
| 
 | ||||
|     default "不允许任何脚本运行"; | ||||
| 
 | ||||
|     Class<?>[] groups() default {}; | ||||
| 
 | ||||
|     Class<? extends Payload>[] payload() default {}; | ||||
| } | ||||
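Review bot: `@Target` includes `ElementType.CONSTRUCTOR`, but the only validator registered is `XssValidator`, which handles `String`; a constraint on a constructor applies to the constructed instance, so `@Xss` placed there would have no applicable validator and fail at validation time rather than at compile time. Drop `CONSTRUCTOR` from the target list unless a validator for that case is added, and consider adding `@Documented` so the constraint shows up in generated API docs. The `message()` declaration is split across a blank line before `default`; write it as the usual one-liner `String message() default "不允许任何脚本运行";`.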
| @ -0,0 +1,29 @@ | ||||
| package com.ruoyi.common.xss; | ||||
| 
 | ||||
| import javax.validation.ConstraintValidator; | ||||
| import javax.validation.ConstraintValidatorContext; | ||||
| import java.util.regex.Matcher; | ||||
| import java.util.regex.Pattern; | ||||
| 
 | ||||
| /** | ||||
|  * 自定义xss校验注解实现 | ||||
|  *  | ||||
|  * @author ruoyi | ||||
|  */ | ||||
| public class XssValidator implements ConstraintValidator<Xss, String> | ||||
| { | ||||
|     private final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />"; | ||||
| 
 | ||||
|     @Override | ||||
|     public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) | ||||
|     { | ||||
|         return !containsHtml(value); | ||||
|     } | ||||
| 
 | ||||
|     public boolean containsHtml(String value) | ||||
|     { | ||||
|         Pattern pattern = Pattern.compile(HTML_PATTERN); | ||||
|         Matcher matcher = pattern.matcher(value); | ||||
|         return matcher.matches(); | ||||
|     } | ||||
| } | ||||
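Review bot: `containsHtml` uses `matcher.matches()`, which succeeds only when the entire value matches the pattern, so any value with text before its first `<` (a constructed example: `name<b>`) is reported as clean; the check should use `find()`. `pattern.matcher(value)` also throws `NullPointerException` when the property is null, which is the ordinary case for `nickName` on `SysUser` since it has no `@NotBlank`; the Bean Validation convention is that null is valid here and presence is left to `@NotNull`/`@NotBlank`. The pattern is recompiled on every call from a non-static instance field; compile it once as a `static final Pattern` (the `Matcher` import then becomes unused). Since the regex only flags tag-like tokens, this is an input-side defence in depth and output encoding remains the primary XSS control.
```java
    private static final Pattern HTML_PATTERN = Pattern.compile("<(\\S*?)[^>]*>.*?|<.*? />");

    // … unchanged: isValid …

    public boolean containsHtml(String value)
    {
        // null carries no markup; presence is left to @NotBlank / @NotNull
        if (value == null)
        {
            return false;
        }
        // find() rather than matches(): flag a tag anywhere in the value, not only a value that is entirely a tag
        return HTML_PATTERN.matcher(value).find();
    }
```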
| @ -5,6 +5,7 @@ import javax.validation.constraints.Size; | ||||
| import org.apache.commons.lang3.builder.ToStringBuilder; | ||||
| import org.apache.commons.lang3.builder.ToStringStyle; | ||||
| import com.ruoyi.common.core.domain.BaseEntity; | ||||
| import com.ruoyi.common.xss.Xss; | ||||
| 
 | ||||
| /** | ||||
|  * 通知公告表 sys_notice | ||||
| @ -45,6 +46,7 @@ public class SysNotice extends BaseEntity | ||||
|         this.noticeTitle = noticeTitle; | ||||
|     } | ||||
| 
 | ||||
|     @Xss(message = "公告标题不能包含脚本字符") | ||||
|     @NotBlank(message = "公告标题不能为空") | ||||
|     @Size(min = 0, max = 50, message = "公告标题不能超过50个字符") | ||||
|     public String getNoticeTitle() | ||||
|  | ||||
| @ -3,6 +3,7 @@ package com.ruoyi.system.service.impl; | ||||
| import java.util.ArrayList; | ||||
| import java.util.List; | ||||
| import java.util.stream.Collectors; | ||||
| import javax.validation.Validator; | ||||
| import org.slf4j.Logger; | ||||
| import org.slf4j.LoggerFactory; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| @ -16,6 +17,7 @@ import com.ruoyi.common.core.domain.entity.SysUser; | ||||
| import com.ruoyi.common.exception.ServiceException; | ||||
| import com.ruoyi.common.utils.SecurityUtils; | ||||
| import com.ruoyi.common.utils.StringUtils; | ||||
| import com.ruoyi.common.utils.bean.BeanValidators; | ||||
| import com.ruoyi.common.utils.spring.SpringUtils; | ||||
| import com.ruoyi.system.domain.SysPost; | ||||
| import com.ruoyi.system.domain.SysUserPost; | ||||
| @ -56,6 +58,9 @@ public class SysUserServiceImpl implements ISysUserService | ||||
|     @Autowired | ||||
|     private ISysConfigService configService; | ||||
| 
 | ||||
|     @Autowired | ||||
|     protected Validator validator; | ||||
| 
 | ||||
|     /** | ||||
|      * 根据条件分页查询用户列表 | ||||
|      *  | ||||
| @ -513,6 +518,7 @@ public class SysUserServiceImpl implements ISysUserService | ||||
|                 SysUser u = userMapper.selectUserByUserName(user.getUserName()); | ||||
|                 if (StringUtils.isNull(u)) | ||||
|                 { | ||||
|                     BeanValidators.validateWithException(validator, user); | ||||
|                     user.setPassword(SecurityUtils.encryptPassword(password)); | ||||
|                     user.setCreateBy(operName); | ||||
|                     this.insertUser(user); | ||||
| @ -521,6 +527,7 @@ public class SysUserServiceImpl implements ISysUserService | ||||
|                 } | ||||
|                 else if (isUpdateSupport) | ||||
|                 { | ||||
|                     BeanValidators.validateWithException(validator, user); | ||||
|                     user.setUpdateBy(operName); | ||||
|                     this.updateUser(user); | ||||
|                     successNum++; | ||||
|  | ||||
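Review bot: `validator` is injected as a `protected` field while the neighbouring injected fields in the hunk (`configService`) are `private`; make it `private Validator validator;` unless a subclass is meant to use it. `BeanValidators.validateWithException` throws `ConstraintViolationException` on the first invalid row, and the enclosing import loop begins and ends outside these hunks, so confirm that the surrounding `catch` turns that exception into the per-row failure message rather than letting one bad row abort the whole import. A short comment at each call, `// reject rows with script characters before they reach the database`, would make the intent of the two identical calls clear.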
	 RuoYi
						RuoYi