fix auth permission bypass due to special request uri path (#168)
* fix auth permission bypass due to special request uri path * fix auth permission bypass due to special request uri path
Showing
16 changed files
with
177 additions
and
18 deletions.
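--- a/core/src/main/java/com/usthe/sureness/util/ServletUtil.java
+++ b/core/src/main/java/com/usthe/sureness/util/ServletUtil.java
@@ -0,0 +1,118 @@
+package com.usthe.sureness.util;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+
+/**
+* util for servlet container
+* from apache shiro
+* @author shiro
+* @date 2022/10/23 15:19
+*/
+public class ServletUtil {
+
+private static final String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1";
+
+public static String getRequestUri(HttpServletRequest request) {
+String uri = valueOrEmpty(request.getContextPath()) + "/" +
+valueOrEmpty(request.getServletPath()) +
+valueOrEmpty(request.getPathInfo());
+return normalize(decodeAndCleanUriString(request, uri));
+}
+
+public static String valueOrEmpty(String value) {
+if (value == null) {
+return "";
+}
+return value;
+}
+
+private static String decodeAndCleanUriString(HttpServletRequest request, String uri) {
+uri = decodeRequestString(request, uri);
+return removeSemicolon(uri);
+}
+
+private static String removeSemicolon(String uri) {
+int semicolonIndex = uri.indexOf(';');
+return (semicolonIndex != -1 ? uri.substring(0, semicolonIndex) : uri);
+}
+
+public static String decodeRequestString(HttpServletRequest request, String source) {
+String enc = determineEncoding(request);
+try {
+return URLDecoder.decode(source, enc);
+} catch (UnsupportedEncodingException ex) {
+return URLDecoder.decode(source);
+}
+}
+
+protected static String determineEncoding(HttpServletRequest request) {
+String enc = request.getCharacterEncoding();
+if (enc == null) {
+enc = DEFAULT_CHARACTER_ENCODING;
+}
+return enc;
+}
+
+private static String normalize(String path) {
+
+if (path == null) {
+return null;
+}
+
+// Create a place for the normalized path
+String normalized = path;
+
+if (normalized.indexOf('\\') >= 0) {
+normalized = normalized.replace('\\', '/');
+}
+
+if ("/.".equals(normalized)) {
+return "/";
+}
+
+// Add a leading "/" if necessary
+if (!normalized.startsWith("/")) {
+normalized = "/" + normalized;
+}
+
+// Resolve occurrences of "//" in the normalized path
+while (true) {
+int index = normalized.indexOf("//");
+if (index < 0) {
+break;
+}
+normalized = normalized.substring(0, index) +
+normalized.substring(index + 1);
+}
+
+// Resolve occurrences of "/./" in the normalized path
+while (true) {
+int index = normalized.indexOf("/./");
+if (index < 0) {
+break;
+}
+normalized = normalized.substring(0, index) +
+normalized.substring(index + 2);
+}
+
+// Resolve occurrences of "/../" in the normalized path
+while (true) {
+int index = normalized.indexOf("/../");
+if (index < 0) {
+break;
+}
+if (index == 0) {
+return (null);
+}
+int index2 = normalized.lastIndexOf('/', index - 1);
+normalized = normalized.substring(0, index2) +
+normalized.substring(index + 3);
+}
+
+// Return the normalized path that we have completed
+return (normalized);
+}
+
+}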
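Review bot: `decodeRequestString` runs `URLDecoder.decode` over a path the container has in general already decoded — the Servlet API documents `getPathInfo()` as decoded by the container, and servlet-path values are likewise typically decoded — so the string used for the permission check is decoded a second time, and `URLDecoder` applies form-encoding rules that turn a literal `+` in the path into a space. The path that is authorised can therefore differ from the path the container dispatches; if a second decode is really wanted here, at least protect the plus first, `return URLDecoder.decode(source.replace("+", "%2B"), enc);`, and document in a Javadoc on `getRequestUri` that the result is a re-decoded, semicolon-stripped, normalized path rather than the raw request URI. Separately, `normalize` only collapses `.` and `..` segments that are followed by a slash, so a path ending in `/.` or `/..` is returned unchanged; adding `if (normalized.endsWith("/.") || normalized.endsWith("/..")) { normalized = normalized + "/"; }` before the `//` loop closes that gap. `normalize` also returns `null` when `..` would climb above the root, which `getRequestUri` passes straight through, so every caller (outside this file) must treat a `null` URI as a denial — worth stating in the method's Javadoc.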