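Here is my situation:
I have a web application in Eclipse. Currently it is an AspectJ web application.
In my "src" folder I have an aspect named JSPCSRFTokenInjection.aj, which has pointcuts that capture the JspWriter.write method and a few other things. It looks like this: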
    package com.aspects;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.jsp.JspWriter;

    import org.apache.log4j.Logger;

    import com.thesis.aop.util.StopWatch;

    public aspect JSPCSRFTokenInjection {

        Logger logger;
        StopWatch watch;

        private String currentCSRFToken = null;

        // Constructor for the Aspect. I do some init of loggers and
        // such here.
        public JSPCSRFTokenInjection() {
            //PropertyConfigurator.configure("log4j.properties");
            logger = Logger.getLogger("csrfMitigationLogger");
            logger.info("CSRF Injection Aspect Created");
            watch = new StopWatch();
        }

        // Capturing the CSRF Token from the request by intercepting the
        // _jspService method inside of the JSP
        public pointcut csrf_jspServiceIntercept(HttpServletRequest req,
                                                 HttpServletResponse resp) :
            call(public void _jspService(HttpServletRequest, HttpServletResponse))
            && args(req, resp);

        before(HttpServletRequest req, HttpServletResponse resp) :
            csrf_jspServiceIntercept(req, resp) {
            currentCSRFToken = (String) req.getParameter("csrfSalt");
            logger.info("Got CSRF Token from request: " + currentCSRFToken);
        }

        // Pointcut and advice for capturing the writing into a JSP.
        public pointcut csrf_captureFormWriting(String msg, JspWriter writer) :
            call(public void JspWriter.write(String))
            && args(msg)
            && target(writer)
            && if(msg.toLowerCase().contains("</form>"));

        before(String msg, JspWriter writer) : csrf_captureFormWriting(msg, writer) {
            try {
                logger.info("WRITING TO JSP");
                writer.write("TEST_CSRF");
                writer.write("<input type='hidden' name='csrfSalt' value='" + currentCSRFToken + "'/>");
            }
            catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
I also have an aop.xml file in the WebApp/WebContent/META-INF/ directory.
For reference, my web.xml file is in the WebApp/WebContent/WEB-INF/ directory.
The aop.xml looks like this:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE aspectj PUBLIC "-//AspectJ//DTD//EN" "http://www.eclipse.org/aspectj/dtd/aspectj.dtd">
    <aspectj>
        <weaver options="-showWeaveInfo -verbose -debug -Xset:weaveJavaPackages=true">
            <!-- Weave types that are within the javax.* or org.aspectj.*
                 packages. Also weave all types in the foo package that do
                 not have the @NoWeave annotation. -->
            <include within="javax.*"/>
            <include within="com.*"/>
            <include within="org.*"/>
            <include within="org.aspectj.*"/>
        </weaver>
        <aspects>
            <!-- declare two existing aspects to the weaver -->
            <aspect name="com.aspects.JSPCSRFTokenInjection"/>
            <aspect name="com.aspects.MitigateCSRFAspect"/>
            <!-- Of the set of aspects declared to the weaver
                 use aspects matching the type pattern "com..*" for weaving. -->
            <include within="com.*"/>
            <include within="org.*"/>
            <!-- Of the set of aspects declared to the weaver
                 do not use any aspects with the @CoolAspect annotation for weaving -->
        </aspects>
    </aspectj>
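I have also added -javaagent:C:/aspectj1.6/lib/aspectjweaver.jar to my JVM arguments in Tomcat.
If it helps, I am using the SysDeo plugin for Tomcat. Also, compile-time weaving works fine in other parts of the application; however, I cannot get any aspect that affects the JSPs to weave.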
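Best answer
I found the problem. I had put my aop.xml file in the wrong directory. Very silly of me.
It should be placed in the
<ProjectRoot>/WebContent/WEB-INF/classes/META-INF/aop-ajc.xml
directory. However, I had placed it directly under WEB-INF.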
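An added example, not part of the original question or answer: the load-time weaver looks up META-INF/aop.xml and META-INF/aop-ajc.xml as class-loader resources, and a webapp's classpath roots are WEB-INF/classes and the jars in WEB-INF/lib, so a config file anywhere else is never read and the CSRF aspect is not applied. The check below scans an exploded webapp for misplaced configs; the function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import tempfile
import zipfile

# Resource names the AspectJ load-time weaver resolves through the class loader.
# (Assumption: default lookup names; no custom config path is set.)
LTW_CONFIG_NAMES = ("META-INF/aop.xml", "META-INF/aop-ajc.xml")


def find_ltw_configs(webapp_root):
    """Return (visible, stray): configs on the webapp classpath, and ones that are not."""
    visible, stray = [], []
    lib = os.path.join(webapp_root, "WEB-INF", "lib")
    # Jars in WEB-INF/lib are classpath roots too, so look inside them.
    if os.path.isdir(lib):
        for jar in os.listdir(lib):
            if not jar.endswith(".jar"):
                continue
            with zipfile.ZipFile(os.path.join(lib, jar)) as zf:
                names = set(zf.namelist())
            visible += ["WEB-INF/lib/%s!/%s" % (jar, n)
                        for n in LTW_CONFIG_NAMES if n in names]
    on_classpath = {"WEB-INF/classes/" + n for n in LTW_CONFIG_NAMES}
    for dirpath, _dirs, files in os.walk(webapp_root):
        for name in files:
            if name not in ("aop.xml", "aop-ajc.xml"):
                continue
            rel = os.path.relpath(os.path.join(dirpath, name),
                                  webapp_root).replace(os.sep, "/")
            (visible if rel in on_classpath else stray).append(rel)
    return sorted(visible), sorted(stray)


def build_sample_webapp(root, config_rel):
    """Constructed sample: an exploded webapp with one config file at config_rel."""
    for d in ("META-INF", "WEB-INF/classes/com/aspects", "WEB-INF/lib"):
        os.makedirs(os.path.join(root, d), exist_ok=True)
    path = os.path.join(root, config_rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write("<aspectj/>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webapp(tmp, "META-INF/aop.xml")  # layout from the question
        print(find_ltw_configs(tmp))
```

An empty first list together with a non-empty second list means the weaver starts without the aspect declarations, which matches the symptom in the question.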
Regarding "java - How do I do load-time weaving of JSPs with AspectJ 1.6 and Tomcat 6?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11907442/