From 7ea5eece501c98a91555a5358931367e78e9d23b Mon Sep 17 00:00:00 2001
From: baizonghao <1719256278@qq.com>
Date: 星期四, 25 五月 2023 15:40:09 +0800
Subject: [PATCH] 11

---
 src/main/java/com/example/jz/auth/MyAccessDeniedHandler.java |   18 ++++++++++++++++++
 1 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/example/jz/auth/MyAccessDeniedHandler.java b/src/main/java/com/example/jz/auth/MyAccessDeniedHandler.java
index 0ad7404..b690a95 100644
--- a/src/main/java/com/example/jz/auth/MyAccessDeniedHandler.java
+++ b/src/main/java/com/example/jz/auth/MyAccessDeniedHandler.java
@@ -3,8 +3,11 @@
 
 import cn.hutool.json.JSONUtil;
 import com.example.jz.modle.R;
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.stereotype.Component;
 
 import javax.servlet.ServletException;
@@ -12,6 +15,10 @@
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.util.regex.Pattern;
+
+import static java.nio.charset.StandardCharsets.ISO_8859_1;
+import static java.nio.charset.StandardCharsets.UTF_8;
 
 /**
  * @author 瀹夌懢鐒�
@@ -21,6 +28,17 @@
 @Component
 public class MyAccessDeniedHandler implements AccessDeniedHandler {
 
+    @Bean
+    public HttpFirewall httpFirewall() {
+        StrictHttpFirewall firewall = new StrictHttpFirewall();
+        Pattern allowed = Pattern.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");
+        firewall.setAllowedHeaderValues((header) -> {
+            String parsed = new String(header.getBytes(ISO_8859_1), UTF_8);
+            return allowed.matcher(parsed).matches();
+        });
+        return firewall;
+    }
+
     @Override
     public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
         R<String> r = new R<>();
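Review bot: The lambda passed to setAllowedHeaderValues replaces StrictHttpFirewall's default header-value check without any comment on why, and it differs from the default in two ways a later reader will not expect: TAB is no longer accepted (the default pattern, as I recall it, admits `\t`), and a byte sequence that is not valid UTF-8 is decoded to U+FFFD, which `\p{IsAssigned}` accepts, so such values now pass while only C0/C1 control characters (CR/LF included) remain blocked. Add a Javadoc on httpFirewall() that states the intent and those two deltas, e.g. `/** Relaxes the default header-value check so UTF-8 (non-ASCII) header values pass; unlike the default, TAB is rejected and undecodable bytes become U+FFFD rather than being rejected. */`. Whether this bean takes effect depends on Spring Security picking an HttpFirewall bean up from the context, which I believe it does, but declaring it inside an AccessDeniedHandler @Component is an unusual place for it and it would read more naturally in the security configuration class. handle() continues outside the hunk.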

--
Gitblit v1.8.0