2024-01-03 17:59:04 +00:00
|
|
|
package stirling.software.SPDF.config;
|
|
|
|
|
|
|
|
|
|
import java.util.Arrays;
|
|
|
|
|
import java.util.HashMap;
|
|
|
|
|
import java.util.List;
|
|
|
|
|
import java.util.Map;
|
|
|
|
|
|
|
|
|
|
import org.springframework.web.servlet.HandlerInterceptor;
|
|
|
|
|
import org.springframework.web.servlet.ModelAndView;
|
|
|
|
|
|
|
|
|
|
import jakarta.servlet.http.HttpServletRequest;
|
|
|
|
|
import jakarta.servlet.http.HttpServletResponse;
|
|
|
|
|
|
|
|
|
|
public class CleanUrlInterceptor implements HandlerInterceptor {
|
|
|
|
|
|
|
|
|
|
private static final List<String> ALLOWED_PARAMS =
|
|
|
|
|
Arrays.asList(
|
2024-05-18 23:47:05 +02:00
|
|
|
"lang",
|
|
|
|
|
"endpoint",
|
|
|
|
|
"endpoints",
|
|
|
|
|
"logout",
|
|
|
|
|
"error",
|
2025-02-24 22:18:34 +00:00
|
|
|
"errorOAuth",
|
2024-05-18 23:47:05 +02:00
|
|
|
"file",
|
2024-07-05 21:48:33 +02:00
|
|
|
"messageType",
|
|
|
|
|
"infoMessage");
|
2024-01-03 17:59:04 +00:00
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public boolean preHandle(
|
|
|
|
|
HttpServletRequest request, HttpServletResponse response, Object handler)
|
|
|
|
|
throws Exception {
|
|
|
|
|
String queryString = request.getQueryString();
|
|
|
|
|
if (queryString != null && !queryString.isEmpty()) {
|
|
|
|
|
String requestURI = request.getRequestURI();
|
2024-07-31 13:25:48 -07:00
|
|
|
Map<String, String> allowedParameters = new HashMap<>();
|
2024-01-03 17:59:04 +00:00
|
|
|
|
|
|
|
|
// Keep only the allowed parameters
|
|
|
|
|
String[] queryParameters = queryString.split("&");
|
|
|
|
|
for (String param : queryParameters) {
|
2024-07-31 13:25:48 -07:00
|
|
|
String[] keyValuePair = param.split("=");
|
|
|
|
|
if (keyValuePair.length != 2) {
|
2024-01-03 17:59:04 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2024-07-31 13:25:48 -07:00
|
|
|
if (ALLOWED_PARAMS.contains(keyValuePair[0])) {
|
|
|
|
|
allowedParameters.put(keyValuePair[0], keyValuePair[1]);
|
2024-01-03 17:59:04 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If there are any parameters that are not allowed
|
2024-07-31 13:25:48 -07:00
|
|
|
if (allowedParameters.size() != queryParameters.length) {
|
2024-01-03 17:59:04 +00:00
|
|
|
// Construct new query string
|
|
|
|
|
StringBuilder newQueryString = new StringBuilder();
|
2024-07-31 13:25:48 -07:00
|
|
|
for (Map.Entry<String, String> entry : allowedParameters.entrySet()) {
|
2024-01-03 17:59:04 +00:00
|
|
|
if (newQueryString.length() > 0) {
|
|
|
|
|
newQueryString.append("&");
|
|
|
|
|
}
|
|
|
|
|
newQueryString.append(entry.getKey()).append("=").append(entry.getValue());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Redirect to the URL with only allowed query parameters
|
|
|
|
|
String redirectUrl = requestURI + "?" + newQueryString;
|
2024-06-09 13:56:55 +01:00
|
|
|
|
2024-06-08 16:07:23 +01:00
|
|
|
response.sendRedirect(request.getContextPath() + redirectUrl);
|
2024-01-03 17:59:04 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void postHandle(
|
|
|
|
|
HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response,
|
|
|
|
|
Object handler,
|
|
|
|
|
ModelAndView modelAndView) {}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void afterCompletion(
|
|
|
|
|
HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response,
|
|
|
|
|
Object handler,
|
|
|
|
|
Exception ex) {}
|
|
|
|
|
}
|
