SpringMvc framework to address any of the interfaces in Canada RESTFUL ".xxx" permission to bypass the problem - Code World

SpringMvc framework to address any of the interfaces in Canada RESTFUL ".xxx" permission to bypass the problem

Others 2019-09-19 02:15:57 views: null

Problem Description:

The framework uses a SpringMVC, SpringSecurity, rights doing interception when found a problem, assuming the request path / user / detail was intercepted authority, when accessing /user/detail.abc was able to have access to

problem causes:

SpringMVC frame will "/user/detail.abc" RequestMapping with the "/ user / detail" regular, the matching rule: /user/detail.*, so when the request comes deposit can /user/detail.abc to / user / detail of the processing performed Controller

Solution:

SpringMVC support path matching rule, RequestMappingHandlerMapping useSuffixPatternMatch class has a property, determining whether the value required by the end of the string. Xml configuration corresponding to

< MVC: Annotation-Driven > 
    < : MVC path-matching suffix-pattern = "false"  <! - if no such configuration, the default is to true -> /> 
  </ MVC: Annotation-Driven >

After this configuration, when you then be accessed through the "/user/detail.abc", it will report a 404 or 405 error, so as to achieve the purpose of intercepting authority

Guess you like

Origin www.cnblogs.com/aligege/p/11544525.html

SpringMvc framework to address any of the interfaces in Canada RESTFUL ".xxx" permission to bypass the problem

SpringMVC supports version manageable Restful interfaces

SpringMVC integrates Shiro permission framework

springMVC integrated shiro permission authentication framework, the problem Log on to log does not appear after logging

Sharing of data permission encryption methods for restful services in springmvc in SOA

nacos permission bypass vulnerability

Springmvc framework construction problem notes

Remember a permission bypass caused by JWT

How to bypass any computer restrictions

Django rest_framework develops a set of RESTFUL standard interfaces [ModelSerializer+GenericAPIView]

xss encoding problem and bypass

springmvc-restful style

springmvc development restful API

restful style. Springmvc

SpringMVC - RESTful style development

SpringMVC - RESTful learning

03-SpringMVC_RESTful

SpringMVC develop RESTful interface

SpringMVC in RestFul style

SpringMVC RESTful practice demo

Springmvc的restful风格

SpringMVC implements RESTful services

【springMVC】RESTFul与HttpMessageConverter

Chapter 6 RESTful of SpringMVC

launchAnyWhere: Activity component permission bypass vulnerability analysis

Android LaunchAnywhere component permission bypass vulnerability

(qq:951449465) SpringMVC+mybatis+shiro+Restful+dubbo+maven distributed framework design

springmvc permission beta

springmvc permission beta

[Python] PermissionError: [Errno 13] Permission denied:'xxx.xlsx' problem solved

Recommended

The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!

Ranking

Getting the basic concepts of ROS + catkin Profile

Spring Learning (2) --- Assembling Beans in the IoC Container

js to get the src attribute of the image regularly

STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud

Short video learning - 3, pandas simple use of pivot_table

Print directory of project configuration log, output log

Understand the difference between vi and vim in Linux in 3 minutes

1 + x certificate Web front-end development HTML5 special exercises

mangodb save and insert the difference

7-1 Family tree processing (50 points) (binary tree solution)

Daily

More

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)