Shulou(Shulou.com)06/02 Report--

This article introduces you how to use the jsp file in jspxcms, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Access to jsp is prohibited by default in the system. Allowing jsp access can easily lead to some vulnerabilities, and the most common attack is to obtain webshell by uploading jsp files.

Filtering of jsp jspx suffixes is defined in com.jspxcms.core.ShiroConfig.

@ Bean public FilterRegistrationBean jspDispatcherFilterRegistrationBean () {FilterRegistrationBean filterRegistration = new FilterRegistrationBean (); filterRegistration.setFilter (new JspDispatcherFilter ()); filterRegistration.setEnabled (true); filterRegistration.addInitParameter ("prefix", "/ jsp"); filterRegistration.addUrlPatterns ("* .jspx"); filterRegistration.addUrlPatterns ("* .jspx"); filterRegistration.setDispatcherTypes (DispatcherType.REQUEST); return filterRegistration;}

Where com.jspxcms.common.web.JspDispatcherFilter is the filter.

/ * whether to allow access to JSP or JSPX files. Default false. * / private boolean allowed = false; / * request forwarding address prefix. Only jsp (jspx) of a specific directory is allowed to be accessed. The default is / jsp. For example, access / abc.jsp actually accesses the file / jsp/abc.jsp by forwarding the request. * / private String prefix = "/ jsp"; public void doFilter (ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {if (! allowed) {((HttpServletResponse) response) .sendError (HttpServletResponse.SC_FORBIDDEN, "JSP Access Denied"); return;} HttpServletRequest req = (HttpServletRequest) request; String uri = req.getRequestURI (); String ctx = req.getContextPath () If (StringUtils.isNotBlank (ctx)) {uri = uri.substring (ctx.length ());} request.getRequestDispatcher (prefix + uri) .forward (request, response);} public void init (FilterConfig filterConfig) throws ServletException {String allowed = filterConfig.getInitParameter ("allowed"); if ("true" .equals (allowed)) {this.allowed = true } String prefix = filterConfig.getInitParameter ("prefix"); if (StringUtils.isNotBlank (prefix)) {this.prefix = prefix;}}

Direct access to any jsp is not allowed by default in this filter. However, in some cases where it is necessary to use jsp, a relatively secure way to access jsp is reserved. All jsp requests are forwarded to the / jsp directory, which prevents attacks caused by attackers uploading jsp files to directories such as uploads. Because only jsp files uploaded to the / jsp directory can be accessed.

You can modify the private boolean allowed = true; of JspDispatcherFilter. Then put the jsp file in the / jsp directory. For example, to create a / jsp/abc.jsp file, the access path is / abc.jsp.

On how to use jsp files in jspxcms to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.