【7.1.5】xss过滤器增加针对context-path的过滤

2021-10-13 10:20:03 +08:00 · 2021-10-13 10:20:03 +08:00 · 842ea15560
parent 4565482608
commit 842ea15560
2 changed files with 2 additions and 2 deletions
--- a/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/xss/XssFilter.java
+++ b/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/xss/XssFilter.java
@ -62,7 +62,7 @@ public class XssFilter implements Filter {
        if (xssProperties != null &&
                ObjectUtil.isNotEmpty(xssProperties.getUrlExclusion())) {
            for (String exclusion : xssProperties.getUrlExclusion()) {
-                if (antPathMatcher.match(contextPath + exclusion, servletPath)) {
+                if (antPathMatcher.match(contextPath + exclusion, contextPath + servletPath)) {
                    chain.doFilter(request, response);
                    return;
                }
--- a/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/xss/XssJacksonDeserializer.java
+++ b/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/xss/XssJacksonDeserializer.java
@ -59,7 +59,7 @@ public class XssJacksonDeserializer extends JsonDeserializer<String> {
        if (xssProperties != null &&
                ObjectUtil.isNotEmpty(xssProperties.getUrlExclusion())) {
            for (String exclusion : xssProperties.getUrlExclusion()) {
-                if (antPathMatcher.match(contextPath + exclusion, servletPath)) {
+                if (antPathMatcher.match(contextPath + exclusion, contextPath + servletPath)) {
                    return jsonParser.getText();
                }
            }