package com.lc.ibps.auth.shiro.filter;

import com.lc.ibps.base.core.entity.ResultMessage;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.web.util.RegMatchers;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/lc/ibps/auth/shiro/filter/XssFilter.class */
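/**
 * Shiro filter that rejects requests whose parameter values look like HTML markup.
 *
 * <p>How it decides: a request is allowed when its URI is on the exemption list
 * ({@link #setMatchers}) or when none of its parameter values matches
 * {@link #XSS_TAG_PATTERN}. Denied requests are either redirected to
 * {@code errorUrl} (browser navigation) or answered with a {@link ResultMessage}
 * body (requests carrying an {@code X-Requested-With} header).
 *
 * <p>NOTE(review): this is a blacklist-style filter. It inspects only
 * {@code getParameterNames()}/{@code getParameterValues()} (query-string and
 * form-encoded parameters); headers, cookies, path segments and raw request
 * bodies (JSON, multipart parts) are never examined, and any URI that
 * {@code matchers.isContainUrl} accepts bypasses the check entirely. Treat it as
 * defence in depth, not as a substitute for output encoding in the views.
 */
public class XssFilter extends BaseFilter {
    /**
     * Matches an element with a matching closing tag ({@code <x ...>...</x>}) or any
     * single tag ({@code <...>}). The flags are the named form of the literal
     * {@code 106} in the compiled class
     * (CASE_INSENSITIVE 2 | MULTILINE 8 | DOTALL 32 | UNICODE_CASE 64).
     * Compiled once for the class rather than once per filter instance.
     *
     * <p>NOTE(review): the first alternative combines a lazy {@code .*?} under
     * DOTALL with a back-reference, so inputs containing many {@code <}
     * characters may backtrack heavily; bounding parameter length upstream is
     * worth confirming.
     */
    private static final Pattern XSS_TAG_PATTERN = Pattern.compile(
            "<(\\S*?)[^>]*>.*?</\\1>|<[^>]+>",
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL | Pattern.UNICODE_CASE);

    /** URL exemption list, injected by the Shiro filter configuration; may be unset. */
    private RegMatchers matchers;

    /** @return the configured URL exemption list, or {@code null} when none was set */
    public RegMatchers getMatchers() {
        return this.matchers;
    }

    /** @param regMatchers URL patterns whose requests are not inspected for markup */
    public void setMatchers(RegMatchers regMatchers) {
        this.matchers = regMatchers;
    }

    /**
     * Allows the request when its URI is exempt or when no parameter value looks
     * like markup.
     *
     * <p>A missing exemption list is treated as "no exemptions" (the check still
     * runs) instead of failing the filter chain with a {@code NullPointerException}.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse unused here
     * @param obj             the Shiro mapped value; unused here
     * @return {@code true} when the request may proceed
     */
    @Override // com.lc.ibps.auth.shiro.filter.BaseFilter
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        if (this.matchers != null && this.matchers.isContainUrl(request.getRequestURI())) {
            return true;
        }
        return !checkXss(request);
    }

    /**
     * Handles a rejected request.
     *
     * <p>Requests without an {@code X-Requested-With} header are redirected to the
     * context-relative {@code errorUrl}; requests with it (typically XHR) receive a
     * {@link ResultMessage} in the response body. The header is client-controlled,
     * so it only selects the presentation of the denial, never whether it happens.
     *
     * @return always {@code false}: the filter chain stops here
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (StringUtil.isEmpty(request.getHeader("x-requested-with"))) {
            response.sendRedirect(request.getContextPath() + this.errorUrl);
            return false;
        }
        // The message below is non-ASCII; without an explicit charset the servlet
        // default (ISO-8859-1) would garble it. This call is a no-op if the writer
        // was already obtained or the response is already committed.
        response.setCharacterEncoding("UTF-8");
        response.getWriter().print(new ResultMessage(0, "检测到XSS攻击，请检是否输入了HTML字符！"));
        return false;
    }

    /**
     * Returns {@code true} when any request parameter matches {@link #XSS_TAG_PATTERN}.
     *
     * <p>All values of a multi-valued parameter are concatenated (no separator)
     * before matching, so a tag split across two values is flagged as well.
     * Empty joined values are skipped without matching.
     *
     * @param request the request whose parameters are inspected
     * @return {@code true} if markup-like content was found in any parameter
     */
    private boolean checkXss(HttpServletRequest request) {
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String joined = StringUtil.join(request.getParameterValues(names.nextElement()), "");
            if (!StringUtil.isEmpty(joined) && XSS_TAG_PATTERN.matcher(joined).find()) {
                return true;
            }
        }
        return false;
    }
}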
