[Java] XSS 방지 스프링 Cross Site Scripting

금금금

[Java] XSS 방지

Language/Java 2013.06.25 10:39

출처 : http://www.javacodegeeks.com/2012/07/anti-cross-site-scripting-xss-filter.html

XSSFilter.java

XSSInterceptor.java

XSSRequestWrapper.java

1. Filter 적용

<filter>
        <filter-name>xss</filter-name>
        <filter-class>com.jejubank.admin.util.xss.XSSFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>xss</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>

2. Interceptor 적용

<mvc:interceptors>
       <mvc:interceptor>
           <mvc:mapping path="/**" />
            <bean class="com.jejubank.admin.util.xss.XSSInterceptor" />
       </mvc:interceptor>
   </mvc:interceptors>

=======================================================================================================
=======================================================================================================

첨부파일 있는 경우 XSS Filter

참고 : http://www.javapractices.com/topic/TopicAction.do?Id=221

XSSFilter.java

XSSMultipartRequestWrapper.java

XSSRequestWrapper.java

< Prev [스프링 3.1] web.xml이 없는 자바 웹 애플리케이션

[시큐어코딩실습] XSS 방어를 위한 시큐어코딩 기법 Next >

♥