5 08 2014
XSS Filter 사용시 제외 Url 적용 하기
WEB-INF > web.xml
<!– XSS filter –>
<filter>
<filter-name>XSS</filter-name>
<filter-class>com.nuriware.filter.XssFilter</filter-class>
<init-param>
<param-name>excludePatterns</param-name>
<param-value>/servlet/*</param-value><!– 제외 url pattern –>
</init-param>
</filter>
XssFilter.java
public class XssFilter implements Filter {
private String excludePatterns;
public void init(FilterConfig filterConfig) throws ServletException {
this.excludePatterns = filterConfig.getInitParameter(“excludePatterns”);
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String url = ((HttpServletRequest) request).getRequestURI().toString();
if (matchExcludePatterns(url)) {
chain.doFilter(new XssRequestWrapper((HttpServletRequest) request), response);
return;
}
}
public void destroy() {
}
public boolean matchExcludePatterns(String url) {
if(url == null) {
return false;
}
if(this.excludePatterns.equals(url)) {
return false;
}
return true;
}
}
Apache Httpd 2.2.x + JBoss EAP 6.x + mod-jk + node1,node2 clustering, node3,node4 clustering방법 Oracle – the password has expired 에러 발생