自定义xss校验注解实现
This commit is contained in:
parent
e1c7115d8c
commit
d365a52cd6
@ -2,9 +2,7 @@ package com.ruoyi.common.core.domain.entity;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import javax.validation.constraints.Email;
|
||||
import javax.validation.constraints.NotBlank;
|
||||
import javax.validation.constraints.Size;
|
||||
import javax.validation.constraints.*;
|
||||
import org.apache.commons.lang3.builder.ToStringBuilder;
|
||||
import org.apache.commons.lang3.builder.ToStringStyle;
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
@ -14,6 +12,7 @@ import com.ruoyi.common.annotation.Excel.ColumnType;
|
||||
import com.ruoyi.common.annotation.Excel.Type;
|
||||
import com.ruoyi.common.annotation.Excels;
|
||||
import com.ruoyi.common.core.domain.BaseEntity;
|
||||
import com.ruoyi.common.xss.Xss;
|
||||
|
||||
/**
|
||||
* 用户对象 sys_user
|
||||
@ -135,6 +134,7 @@ public class SysUser extends BaseEntity
|
||||
this.deptId = deptId;
|
||||
}
|
||||
|
||||
@Xss(message = "用户昵称不能包含脚本字符")
|
||||
@Size(min = 0, max = 30, message = "用户昵称长度不能超过30个字符")
|
||||
public String getNickName()
|
||||
{
|
||||
@ -146,6 +146,7 @@ public class SysUser extends BaseEntity
|
||||
this.nickName = nickName;
|
||||
}
|
||||
|
||||
@Xss(message = "用户账号不能包含脚本字符")
|
||||
@NotBlank(message = "用户账号不能为空")
|
||||
@Size(min = 0, max = 30, message = "用户账号长度不能超过30个字符")
|
||||
public String getUserName()
|
||||
|
@ -0,0 +1,24 @@
|
||||
package com.ruoyi.common.utils.bean;
|
||||
|
||||
import java.util.Set;
|
||||
import javax.validation.ConstraintViolation;
|
||||
import javax.validation.ConstraintViolationException;
|
||||
import javax.validation.Validator;
|
||||
|
||||
/**
|
||||
* bean对象属性验证
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
public class BeanValidators
|
||||
{
|
||||
public static void validateWithException(Validator validator, Object object, Class<?>... groups)
|
||||
throws ConstraintViolationException
|
||||
{
|
||||
Set<ConstraintViolation<Object>> constraintViolations = validator.validate(object, groups);
|
||||
if (!constraintViolations.isEmpty())
|
||||
{
|
||||
throw new ConstraintViolationException(constraintViolations);
|
||||
}
|
||||
}
|
||||
}
|
27
ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java
Normal file
27
ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java
Normal file
@ -0,0 +1,27 @@
|
||||
package com.ruoyi.common.xss;
|
||||
|
||||
import javax.validation.Constraint;
|
||||
import javax.validation.Payload;
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
/**
|
||||
* 自定义xss校验注解
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER })
|
||||
@Constraint(validatedBy = { XssValidator.class })
|
||||
public @interface Xss
|
||||
{
|
||||
String message()
|
||||
|
||||
default "不允许任何脚本运行";
|
||||
|
||||
Class<?>[] groups() default {};
|
||||
|
||||
Class<? extends Payload>[] payload() default {};
|
||||
}
|
@ -0,0 +1,29 @@
|
||||
package com.ruoyi.common.xss;
|
||||
|
||||
import javax.validation.ConstraintValidator;
|
||||
import javax.validation.ConstraintValidatorContext;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
* 自定义xss校验注解实现
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
public class XssValidator implements ConstraintValidator<Xss, String>
|
||||
{
|
||||
private final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";
|
||||
|
||||
@Override
|
||||
public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext)
|
||||
{
|
||||
return !containsHtml(value);
|
||||
}
|
||||
|
||||
public boolean containsHtml(String value)
|
||||
{
|
||||
Pattern pattern = Pattern.compile(HTML_PATTERN);
|
||||
Matcher matcher = pattern.matcher(value);
|
||||
return matcher.matches();
|
||||
}
|
||||
}
|
@ -5,6 +5,7 @@ import javax.validation.constraints.Size;
|
||||
import org.apache.commons.lang3.builder.ToStringBuilder;
|
||||
import org.apache.commons.lang3.builder.ToStringStyle;
|
||||
import com.ruoyi.common.core.domain.BaseEntity;
|
||||
import com.ruoyi.common.xss.Xss;
|
||||
|
||||
/**
|
||||
* 通知公告表 sys_notice
|
||||
@ -45,6 +46,7 @@ public class SysNotice extends BaseEntity
|
||||
this.noticeTitle = noticeTitle;
|
||||
}
|
||||
|
||||
@Xss(message = "公告标题不能包含脚本字符")
|
||||
@NotBlank(message = "公告标题不能为空")
|
||||
@Size(min = 0, max = 50, message = "公告标题不能超过50个字符")
|
||||
public String getNoticeTitle()
|
||||
|
@ -3,6 +3,7 @@ package com.ruoyi.system.service.impl;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
import javax.validation.Validator;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -16,6 +17,7 @@ import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.exception.ServiceException;
|
||||
import com.ruoyi.common.utils.SecurityUtils;
|
||||
import com.ruoyi.common.utils.StringUtils;
|
||||
import com.ruoyi.common.utils.bean.BeanValidators;
|
||||
import com.ruoyi.common.utils.spring.SpringUtils;
|
||||
import com.ruoyi.system.domain.SysPost;
|
||||
import com.ruoyi.system.domain.SysUserPost;
|
||||
@ -56,6 +58,9 @@ public class SysUserServiceImpl implements ISysUserService
|
||||
@Autowired
|
||||
private ISysConfigService configService;
|
||||
|
||||
@Autowired
|
||||
protected Validator validator;
|
||||
|
||||
/**
|
||||
* 根据条件分页查询用户列表
|
||||
*
|
||||
@ -513,6 +518,7 @@ public class SysUserServiceImpl implements ISysUserService
|
||||
SysUser u = userMapper.selectUserByUserName(user.getUserName());
|
||||
if (StringUtils.isNull(u))
|
||||
{
|
||||
BeanValidators.validateWithException(validator, user);
|
||||
user.setPassword(SecurityUtils.encryptPassword(password));
|
||||
user.setCreateBy(operName);
|
||||
this.insertUser(user);
|
||||
@ -521,6 +527,7 @@ public class SysUserServiceImpl implements ISysUserService
|
||||
}
|
||||
else if (isUpdateSupport)
|
||||
{
|
||||
BeanValidators.validateWithException(validator, user);
|
||||
user.setUpdateBy(operName);
|
||||
this.updateUser(user);
|
||||
successNum++;
|
||||
|
Loading…
Reference in New Issue
Block a user