- package hello.aspect;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.stereotype.Component;
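/**
 * Aspect that intercepts every method of {@code hello.controllers.MessageAPIController}
 * and rewrites the {@code String} arguments before the intercepted method runs.
 *
 * <p>NOTE(review): the rewrite below is still a stub that substitutes the literal
 * {@code "testing"} for every string argument; it shows that the advice fires but performs
 * no sanitisation. Rewriting request input in an aspect is also not a complete XSS defence
 * on its own: values still have to be encoded for their output context where the view
 * renders them.
 */
@Aspect
public class XSSAspect {

    /**
     * Replaces each {@code String} argument of the intercepted call and then invokes the
     * target method with the modified argument array.
     *
     * <p>This has to be around advice: {@link ProceedingJoinPoint} is only supported for
     * {@code @Around}, and only around advice can hand a modified argument array to the
     * target through {@code proceed(Object[])}. The method keeps its original name for
     * compatibility even though it no longer runs as before advice.
     *
     * @param joinPoint the intercepted controller invocation
     * @return whatever the intercepted method returns; it must be passed through, otherwise
     *         the caller would receive {@code null} instead of the controller's result
     * @throws Throwable anything thrown by the intercepted method
     */
    @Around("execution(* hello.controllers.MessageAPIController.*(..))")
    public Object before(final ProceedingJoinPoint joinPoint) throws Throwable {
        final Object[] arguments = joinPoint.getArgs();
        for (int i = 0; i < arguments.length; i++) {
            if (arguments[i] instanceof String) {
                // Placeholder carried over from the original: every string becomes "testing".
                // Swap in the real sanitising or encoding step before relying on this aspect.
                arguments[i] = "testing";
            }
        }
        return joinPoint.proceed(arguments);
    }
}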
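<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
           http://www.springframework.org/schema/tx
           http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">

    <!-- Enables @Aspect-annotated beans; the aspect itself is registered explicitly below. -->
    <aop:aspectj-autoproxy />
    <bean id="xssAspect" class="hello.aspect.XSSAspect" />

    <!-- Logical view names resolve to /WEB-INF/jsp/<name>.jsp. -->
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/jsp/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>

    <bean id="sessionFactory"
          class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
        <property name="dataSource" ref="dataSource" />
        <property name="packagesToScan" value="hello" />
        <property name="hibernateProperties">
            <props>
                <prop key="hibernate.hbm2ddl.auto">${hibernate.hbm2ddl.auto}</prop>
                <prop key="hibernate.dialect">${hibernate.dialect}</prop>
            </props>
        </property>
    </bean>

    <bean id="transactionManager"
          class="org.springframework.orm.hibernate4.HibernateTransactionManager">
        <property name="sessionFactory" ref="sessionFactory"></property>
    </bean>

    <!-- maxUploadSize is in bytes: 268435456 = 256 MiB per request. Confirm that a limit
         this large is really needed, since it bounds how much an upload can consume. -->
    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="268435456"/>
    </bean>

    <bean id="freeMarkerConfigurationFactory" init-method="createConfiguration"
          class="org.springframework.ui.freemarker.FreeMarkerConfigurationFactoryBean">
        <property name="templateLoaderPath" value="classpath:/freemarker"/>
        <property name="preferFileSystemAccess" value="false"/>
    </bean>

    <!-- Credentials are no longer literals in this file. The keys jdbc.username and
         jdbc.password are constructed placeholder names: define them in the externalised
         property source, outside version control. This assumes the placeholder configurer
         that already resolves the hibernate.* keys above is declared elsewhere (confirm).
         The previously embedded database password must be treated as exposed and rotated,
         and the application should connect with a dedicated least-privilege account rather
         than the database root user. -->
    <bean name="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="jdbc:mysql://localhost:3306/carbudgy" />
        <property name="username" value="${jdbc.username}" />
        <property name="password" value="${jdbc.password}" />
    </bean>

    <!-- Mail account credentials are externalised in the same way (mail.username and
         mail.password are constructed placeholder names). The previously embedded mail
         password must be treated as exposed and rotated. -->
    <bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
        <property name="host" value="smtp.gmail.com"/>
        <property name="port" value="25"/>
        <property name="username" value="${mail.username}"/>
        <property name="password" value="${mail.password}"/>
        <property name="javaMailProperties">
            <props>
                <prop key="mail.transport.protocol">smtp</prop>
                <prop key="mail.smtp.auth">true</prop>
                <prop key="mail.smtp.starttls.enable">true</prop>
                <!-- Fail the send instead of continuing in clear text when the server does
                     not offer STARTTLS, so the login is never transmitted unencrypted. -->
                <prop key="mail.smtp.starttls.required">true</prop>
                <!-- Writes the SMTP protocol trace to the console; switch off outside of
                     debugging sessions. -->
                <prop key="mail.debug">true</prop>
            </props>
        </property>
    </bean>

    <bean id="TaskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
        <property name="corePoolSize" value="5" />
        <property name="maxPoolSize" value="10" />
        <property name="queueCapacity" value="25" />
        <property name="daemon" value="true" />
    </bean>

    <bean id="persistenceExceptionTranslationPostProcessor"
          class="org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor"/>

    <!-- DAOs: each one is wired with the shared Hibernate session factory. -->
    <bean name="VehicleDao" class="hello.dao.VehicleDaoImpl">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
    <bean name="ModelDao" class="hello.dao.ModelDaoImpl">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
    <bean name="ManufactureDao" class="hello.dao.ManufactureDaoImpl">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
    <bean name="UserDao" class="hello.dao.UserDaoImpl">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
    <bean name="CurrencyDao" class="hello.dao.CurrencyDaoImpl">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
    <bean name="ProposalDao" class="hello.dao.ProposalDaoImpl">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
    <bean name="AcceptedProposalDao" class="hello.dao.AcceptedProposalDaoImpl">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
    <bean name="ManufactureModelDao" class="hello.dao.ManufactureModelDaoImpl">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>
    <bean name="UploadDao" class="hello.dao.UploadDaoImpl">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>

    <!-- Services. -->
    <bean name="VehicleService" class="hello.services.VehicleServiceImpl">
        <property name="vehicleDao" ref="VehicleDao" />
        <property name="manufactureModelDao" ref="ManufactureModelDao" />
    </bean>
    <bean name="UserService" class="hello.services.UserServiceImpl">
        <property name="userDao" ref="UserDao" />
    </bean>
    <bean name="CurrencyService" class="hello.services.CurrencyServiceImpl">
    </bean>
    <bean name="ManufactureService" class="hello.services.ManufactureServiceImpl">
    </bean>
    <bean name="ProposalService" class="hello.services.ProposalServiceImpl">
        <property name="proposalDao" ref="ProposalDao"></property>
        <property name="acceptedProposalDao" ref="AcceptedProposalDao"></property>
    </bean>
    <bean name="ModelService" class="hello.services.ModelServiceImpl">
    </bean>
    <bean name="EmailService" class="hello.services.EmailServiceImpl">
        <property name="taskExecutor" ref="TaskExecutor" />
    </bean>
    <bean name="UploadService" class="hello.services.StandardUploadService">
    </bean>

    <!-- Internationalisation: message bundle, session-scoped locale, and an interceptor
         that switches the locale from the "lang" request parameter on every path. -->
    <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
        <property name="basename" value="messages" />
    </bean>
    <bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
        <property name="defaultLocale" value="en" />
    </bean>
    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <bean id="localeChangeInterceptor"
                  class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
                <property name="paramName" value="lang" />
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>

    <context:component-scan base-package="hello" />
    <tx:annotation-driven transaction-manager="transactionManager"/>
    <mvc:annotation-driven />
    <context:annotation-config />
</beans>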
- package hello.controllers;
- import hello.api.APIResponse;
- import hello.api.UploadAPIResponse;
- import hello.aspect.AntiJavascript;
- import hello.models.Upload;
- import org.springframework.stereotype.Controller;
- import org.springframework.ui.ModelMap;
- import org.springframework.web.bind.annotation.RequestMapping;
- import org.springframework.web.bind.annotation.RequestMethod;
- import org.springframework.web.multipart.MultipartFile;
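/**
 * MVC controller that serves the {@code /message} page.
 */
@Controller
public class MessageAPIController extends APIController {

    /**
     * Handles {@code GET /message}: stores {@code message} in the model under the key
     * {@code "message"} and selects the view named {@code "message"}.
     *
     * <p>The value is placed in the model exactly as received; nothing in this method
     * validates or encodes it. NOTE(review): presumably {@code message} is bound from the
     * request, in which case the view has to HTML-encode it on output (for a JSP,
     * {@code <c:out>} or {@code fn:escapeXml} rather than a bare {@code ${message}}),
     * otherwise the page reflects caller-controlled markup.
     *
     * @param message text to expose to the view; may be {@code null}
     * @param model   model that receives the {@code "message"} attribute
     * @return the logical view name {@code "message"}
     * @throws Exception declared by the original signature; nothing in this body throws it
     */
    @RequestMapping(value = "/message", method = RequestMethod.GET)
    public String showMessage(String message, ModelMap model) throws Exception {
        model.addAttribute("message", message);
        // A string literal is enough here; wrapping it in new String(...) only allocated a copy.
        return "message";
    }
}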